[SSSD] [sssd PR#5952][+Tests] Tests: sssctl analyze capture tevent chain ID logic in logs

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5952
Title: #5952: Tests: sssctl analyze capture tevent chain ID logic in logs

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5952][opened] Tests: sssctl analyze capture tevent chain ID logic in logs

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5952
Author: shridhargadekar
 Title: #5952: Tests: sssctl analyze capture tevent chain ID logic in logs
Action: opened

PR body:
"""
sssctl analyze should capture tevent chain ID in the sssd nss, pam logs,

verifies #5863
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5952/head:pr5952
git checkout pr5952
From d4c4efbe35ae3c73c049fa6a7b2d112603a518fb Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 18 Jan 2022 00:04:12 +0530
Subject: [PATCH] Tests: sssctl analyze capture tevent chain ID logic in logs

sssctl analyze should capture tevent chain ID in the logs,
verifies #5863
---
 .../alltests/test_sssctl_analyzer.py  | 46 +++
 1 file changed, 46 insertions(+)

diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py
index 05fdc88bd3..85b9c944be 100644
--- a/src/tests/multihost/alltests/test_sssctl_analyzer.py
+++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py
@@ -181,3 +181,49 @@ def test_analyzer_pam_logs(self, multihost, backupsssdconf):
 'SSS_PAM_ACCT_MGMT', 'SSS_PAM_SETCRED']
 for pam_auth in pam_cmds:
 assert pam_auth in stdout
+
+def test_analyze_tevent_id(self, multihost, backupsssdconf):
+"""
+:title: sssctl analyze to parse tevent chain IDs from logs
+:id: f748766c-0177-4306-9e7f-816586734e14
+:description: sssctl analyze should able to parse tevent chain
+ IDs from responder logs
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670
+:steps:
+1. Configure sssd to authenticate against directory server
+2. Enable debug_level to 9 in the 'nss', 'pam' and domain section
+3. Restart SSSD with cleared cache
+4. Log in as a user using ssh
+5. Confirm tevent chain IDs(RID) is showing in logs
+:expectedresults:
+1. Should succeed
+2. Should succeed
+3. Should succeed
+4. Should succeed
+5. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
+multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd/')
+dm_sec = ['nss', 'pam']
+sssd_params = {'debug_level': '9'}
+for sec_op in dm_sec:
+tools.sssd_conf(sec_op, sssd_params, action='update')
+multihost.client[0].service_sssd('start')
+i_cmd = f'id foo1@{ds_instance_name}'
+multihost.client[0].run_command(i_cmd, raiseonerr=False)
+user = f'foo1@{ds_instance_name}'
+client_hostname = multihost.client[0].sys_hostname
+client = pexpect_ssh(client_hostname, user, 'Secret123',
+ debug=False)
+try:
+client.login()
+except SSHLoginException:
+pytest.fail(f"{user} failed to login")
+else:
+client.logout()
+_, stdout = analyzer(multihost, 'show 1')
+assert 'RID #' in stdout
+_, stdout = analyzer(multihost, 'show 1 --pam')
+assert 'RID #' in stdout
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5908][comment] Check default debug level of sssd and corresponding logs

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5908
Title: #5908: Check default debug level of sssd and corresponding logs

shridhargadekar commented:
"""
@sgoveas Could you implement f-strings instead of currently used string 
formatting.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5908#issuecomment-1009636603
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5929][comment] Tests: Add tests for poor man's backtrace

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5929
Title: #5929: Tests: Add tests for poor man's backtrace

shridhargadekar commented:
"""
PR looks good from code perspective. Once questions from Alexey are answered, 
we could merge it.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5929#issuecomment-1009633768
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5830][+Changes requested] Tests: Port the old ns_account_lock.sh script to pytest

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5830
Title: #5830: Tests: Port the old ns_account_lock.sh script to pytest

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5929][comment] Tests: Add tests for poor man's backtrace

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5929
Title: #5929: Tests: Add tests for poor man's backtrace

shridhargadekar commented:
"""
Some places in code, are using f-strings and some are not. Like line34,37 and 
other. Try to implement f-strings through out the MR.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5929#issuecomment-1006391313
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5930][-Blocked] Tests: Health and Support Analyzer - Add request log parsing utility

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5930
Title: #5930: Tests: Health and Support Analyzer - Add request log parsing 
utility

Label: -Blocked
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5930][comment] Tests: Health and Support Analyzer - Add request log parsing utility

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5930
Title: #5930: Tests: Health and Support Analyzer - Add request log parsing 
utility

shridhargadekar commented:
"""
> Hi Shridhar,
> 
> #5863 changed how the chain ID is logged in responders, and also changed the 
> analyzer log parsing to cope with this. I haven't checked but it may require 
> these analyzer tests to be updated.
> 
> If you have any questions feel free to ping me.

@justin-stephenson , I checked the PR against latest package version, and this 
PR executes the tests correctly. From latest changes in sssd version, above 
tests do not need any changes. However More tests could be added.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5930#issuecomment-1006003668
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5930][comment] Tests: Health and Support Analyzer - Add request log parsing utility

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5930
Title: #5930: Tests: Health and Support Analyzer - Add request log parsing 
utility

shridhargadekar commented:
"""
> Hi Shridhar,
> 
> #5863 changed how the chain ID is logged in responders, and also changed the 
> analyzer log parsing to cope with this. I haven't checked but it may require 
> these analyzer tests to be updated.
> 
> If you have any questions feel free to ping me.

I checked the PR against latest package version, and this PR executes the tests 
correctly. From latest changes in sssd version, above tests do not need any 
changes. However More tests could be added.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5930#issuecomment-1006003668
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5925][+Changes requested] TEST: Current value of ssh_hash_known_hosts causes error in the default configuration in FIPS mode

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5925
Title: #5925: TEST: Current value of ssh_hash_known_hosts causes error in the 
default configuration in FIPS mode

Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5925][-Accepted] TEST: Current value of ssh_hash_known_hosts causes error in the default configuration in FIPS mode

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5925
Title: #5925: TEST: Current value of ssh_hash_known_hosts causes error in the 
default configuration in FIPS mode

Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5930][synchronized] Tests: Health and Support Analyzer - Add request log parsing utility

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5930
Author: shridhargadekar
 Title: #5930: Tests: Health and Support Analyzer - Add request log parsing 
utility
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5930/head:pr5930
git checkout pr5930
From fe5bfbe551e570875afb88f6fd1dc72b2b8857de Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 21 Dec 2021 00:35:14 +0530
Subject: [PATCH] Tests: Health and Support Analyzer - Add request log parsing
 utility

Verifies: #5712
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670
---
 .../alltests/test_sssctl_analyzer.py  | 183 ++
 1 file changed, 183 insertions(+)
 create mode 100644 src/tests/multihost/alltests/test_sssctl_analyzer.py

diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py
new file mode 100644
index 00..b4a99b40f6
--- /dev/null
+++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py
@@ -0,0 +1,183 @@
+"""Automation tests for sssctl analyzer
+:requirement: sssctl analyzer
+:casecomponent: sssd
+:subsystemteam: sst_idm_sssd
+:upstream: yes
+"""
+import pytest
+from sssd.testlib.common.utils import sssdTools
+from sssd.testlib.common.expect import pexpect_ssh
+from sssd.testlib.common.exceptions import SSHLoginException
+from constants import ds_instance_name
+
+
+def analyzer(multihost, req_arg, arg=None):
+"""
+Execute sssctl analyze command with given action and options
+and return the exit status as well as command output
+:param str req_arg: command action to perform, values could be
+'list' or 'show' or 'show '
+: param str arg: optional argument string. values could be
+'--source ' or '--logdir ' or '--help'
+"""
+if arg is None:
+arg = ''
+cmd1 = f'sssctl analyze {arg} request {req_arg}'
+cmd = multihost.client[0].run_command(cmd1, raiseonerr=False)
+return cmd.returncode, cmd.stdout_text
+
+
+@pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups')
+@pytest.mark.analyzer
+@pytest.mark.tier1_2
+class TestSssctlAnalyzer(object):
+""" sssctl analyze test suite """
+def test_analyzer_list(self, multihost, backupsssdconf):
+"""
+:title: sssctl analyzer list to show captured nss related
+ requests from sssd log
+:id: 95e18ae1-6c4a-4baa-8202-fe33fe82bdec
+:description: sssctl analyzer request list is able to capture the user
+ and group related requests raised when commands like id and getent
+ are executed
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670
+:steps:
+1. Configure sssd to authenticate against directory server
+2. Enable debug_level to 9 in the 'nss', 'pam' and domain section
+3. Restart SSSD with cleared cache
+4. Fetch user and group information using 'id' and 'getent' tools
+5. Run 'sssctl analyzer request list'
+6. Check with sssctl analyzer is listing id and getent instances
+7. sssctl analyzer with subcmd 'show' and request number is listing
+   logs related to that number only
+:expectedresults:
+1. Should succeed
+2. Should succeed
+3. Should succeed
+4. Should succeed
+5. Should succeed
+6. Should succeed
+7. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
+sec = ['nss', 'pam']
+sssd_params = {'debug_level': '9'}
+for sec_op in sec:
+tools.sssd_conf(sec_op, sssd_params, action='update')
+multihost.client[0].service_sssd('start')
+tools.clear_sssd_cache()
+cmd = f'getent group ldapusers@{ds_instance_name}'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+cmd = f'id foo1@{ds_instance_name}'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+for act_op in ['list', 'list -v']:
+_, stdout = analyzer(multihost, act_op)
+assert all(ptn in stdout for ptn in ['id', 'getent'])
+tools.clear_sssd_cache()
+cmd = f'getent passwd foo1@{ds_instance_name}'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+for act_op in ['list', 'list -v']:
+_, stdout = analyzer(multihost, act_op)
+assert all(ptn in stdout for ptn in ['CID #1', 'getent'])
+
+def test_analyzer_diff_log_location(self, multihost

[SSSD] [sssd PR#5930][+Tests] Tests: Health and Support Analyzer - Add request log parsing utility

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5930
Title: #5930: Tests: Health and Support Analyzer - Add request log parsing 
utility

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5930][opened] Tests: Health and Support Analyzer - Add request log parsing utility

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5930
Author: shridhargadekar
 Title: #5930: Tests: Health and Support Analyzer - Add request log parsing 
utility
Action: opened

PR body:
"""
Tests for Health and Support Analyzer - Add request log parsing utility
Verifies: #5712
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5930/head:pr5930
git checkout pr5930
From 61eed761a165af9df2d4c09509539861a9d2937c Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 21 Dec 2021 00:35:14 +0530
Subject: [PATCH] Tests: Health and Support Analyzer - Add request log parsing
 utility

Verifies: #5712
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670
---
 .../alltests/test_sssctl_analyzer.py  | 175 ++
 1 file changed, 175 insertions(+)
 create mode 100644 src/tests/multihost/alltests/test_sssctl_analyzer.py

diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py
new file mode 100644
index 00..eac79bbb88
--- /dev/null
+++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py
@@ -0,0 +1,175 @@
+"""Automation tests for sssctl analyzer
+:requirement: sssctl analyzer
+:casecomponent: sssd
+:subsystemteam: sst_idm_sssd
+:upstream: yes
+"""
+import pytest
+from sssd.testlib.common.utils import sssdTools
+from sssd.testlib.common.expect import pexpect_ssh
+from sssd.testlib.common.exceptions import SSHLoginException
+from constants import ds_instance_name
+
+
+def analyzer(multihost, req_arg, arg=None):
+if arg is None:
+arg = ''
+cmd1 = f'sssctl analyze {arg} request {req_arg}'
+cmd = multihost.client[0].run_command(cmd1, raiseonerr=False)
+return cmd.returncode, cmd.stdout_text
+
+
+@pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups')
+@pytest.mark.analyzer
+@pytest.mark.tier1_2
+class TestSssctlAnalyzer(object):
+""" sssctl analyze test suite """
+def test_analyzer_list(self, multihost, backupsssdconf):
+"""
+:title: sssctl analyzer list to show captured nss related
+ requests from sssd log
+:id: 95e18ae1-6c4a-4baa-8202-fe33fe82bdec
+:description: sssctl analyzer request list is able to capture the user
+ and group related requests raised when commands like id and getent
+ are executed
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670
+:steps:
+1. Configure sssd to authenticate against directory server
+2. Enable debug_level to 9 in the 'nss', 'pam' and domain section
+3. Restart SSSD with cleared cache
+4. Fetch user and group information using 'id' and 'getent' tools
+5. Run 'sssctl analyzer request list'
+6. Check with sssctl analyzer is listing id and getent instances
+7. sssctl analyzer with subcmd 'show' and request number is listing
+   logs related to that number only
+:expectedresults:
+1. Should succeed
+2. Should succeed
+3. Should succeed
+4. Should succeed
+5. Should succeed
+6. Should succeed
+7. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
+sec = ['nss', 'pam']
+sssd_params = {'debug_level': '9'}
+for section in sec:
+tools.sssd_conf(section, sssd_params, action='update')
+multihost.client[0].service_sssd('start')
+tools.clear_sssd_cache()
+cmd = f'getent group ldapusers@{ds_instance_name}'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+cmd = f'id foo1@{ds_instance_name}'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+for op in ['list', 'list -v']:
+_, stdout = analyzer(multihost, op)
+assert all(ptn in stdout for ptn in ['id', 'getent'])
+tools.clear_sssd_cache()
+cmd = f'getent passwd foo1@{ds_instance_name}'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+for op in ['list', 'list -v']:
+_, stdout = analyzer(multihost, op)
+assert all(ptn in stdout for ptn in ['CID #1', 'getent'])
+
+def test_analyzer_diff_log_location(self, multihost, backupsssdconf):
+"""
+:title: sssctl analyzer able to parse sssd logs from non-default
+ location
+:description: sssctl analyzer should be able to parse the sssd logs
+ from different location or logs from other hos

[SSSD] [sssd PR#5887][-Changes requested] Tests: proxy provider, user's removed secondary group remains in sssd cache

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5887
Title: #5887: Tests: proxy provider, user's removed secondary group remains in 
sssd cache

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5887][synchronized] Tests: proxy provider, user's removed secondary group remains in sssd cache

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5887
Author: shridhargadekar
 Title: #5887: Tests: proxy provider, user's removed secondary group remains in 
sssd cache
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5887/head:pr5887
git checkout pr5887
From aebefbee291a6f5e78476a7185a7691130745f9b Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 23 Nov 2021 20:26:57 +0530
Subject: [PATCH] Tests: Removed secondary group shown in cache

Verifies: #5783
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970
---
 src/tests/multihost/alltests/test_proxy.py | 59 ++
 1 file changed, 59 insertions(+)

diff --git a/src/tests/multihost/alltests/test_proxy.py b/src/tests/multihost/alltests/test_proxy.py
index 038f4e8b11..bdf502c0b0 100644
--- a/src/tests/multihost/alltests/test_proxy.py
+++ b/src/tests/multihost/alltests/test_proxy.py
@@ -80,6 +80,65 @@ def test_0001_1724717(self, multihost):
 multihost.client[0].run_command(del_user)
 multihost.client[0].run_command(restore)
 
+def test_0003_update_removed_grp_membership(self, multihost,
+backupsssdconf):
+"""
+:title: proxy: secondary group is shown in sssd cache after
+ group is removed
+:id: 7cfb9aa9-6e68-4914-afb8-ecfae132aa84
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1917970
+:customerscenario: true
+:steps:
+  1. Edit sssd.conf and configure proxy provider with
+ entry_cache_timeout = 1
+  2. Restart SSSD with cleared cache
+  3. Create a localuser and localgroup
+  4. Add that localuser to the localgroup
+  5. Assert localgroup is shown in localuser's group list
+  6. Remove localuser from localgroup
+  7. Assert that after entry_cache_timeout, localuser's groups
+ are not listing localgroup
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+  5. Should succeed
+  6. Should succeed
+  7. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
+domain_name = tools.get_domain_section_name()
+l_usr, l_grp = 'testuser', 'testgroup'
+multihost.client[0].run_command(f'useradd {l_usr}')
+multihost.client[0].run_command(f'groupadd {l_grp}')
+multihost.client[0].run_command(f'usermod -aG {l_grp} {l_usr}')
+domain_params = {'id_provider': 'proxy',
+ 'proxy_lib_name': 'files',
+ 'auth_provider': 'krb5',
+ 'ignore_group_members': 'False',
+ 'cache_credentials': 'True',
+ 'entry_cache_timeout': '1',
+ 'krb5_validate': 'True'}
+tools.sssd_conf('domain/%s' % domain_name, domain_params)
+del_domain_params = {'ldap_uri': 'ldaps:%s' %
+ (multihost.master[0].run_command),
+ 'ldap_tls_cacert':
+ '/etc/openldap/cacerts/cacert.pem',
+ 'ldap_search_base': ds_suffix,
+ 'use_fully_qualified_names': 'True'}
+tools.sssd_conf('domain/%s' % domain_name,
+del_domain_params, action='delete')
+tools.clear_sssd_cache()
+cmd = multihost.client[0].run_command(f'groups {l_usr}')
+assert 'testgroup' in cmd.stdout_text
+multihost.client[0].run_command(f'gpasswd -d {l_usr} {l_grp}')
+time.sleep(1)
+cmd = multihost.client[0].run_command(f'groups {l_usr}')
+multihost.client[0].run_command(f'userdel -rf {l_usr}')
+multihost.client[0].run_command(f'groupdel -f {l_grp}')
+assert 'testgroup' not in cmd.stdout_text
+
 def test_innetgr_threads(self, multihost, backupsssdconf):
 """
 :title: Verify sssd is thread-safe in innetgr
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5887][opened] Tests: proxy provider, user's removed secondary group remains in sssd cache

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5887
Author: shridhargadekar
 Title: #5887: Tests: proxy provider, user's removed secondary group remains in 
sssd cache
Action: opened

PR body:
"""
Verifies: #5783
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5887/head:pr5887
git checkout pr5887
From 40c698fa67b37e258529f9961b895edd97447bab Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 23 Nov 2021 20:26:57 +0530
Subject: [PATCH] Tests: Removed secondary group shown in cache

Verifies: #5783
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970
---
 src/tests/multihost/alltests/test_proxy.py | 61 ++
 1 file changed, 61 insertions(+)

diff --git a/src/tests/multihost/alltests/test_proxy.py b/src/tests/multihost/alltests/test_proxy.py
index 038f4e8b11..847678b520 100644
--- a/src/tests/multihost/alltests/test_proxy.py
+++ b/src/tests/multihost/alltests/test_proxy.py
@@ -80,6 +80,67 @@ def test_0001_1724717(self, multihost):
 multihost.client[0].run_command(del_user)
 multihost.client[0].run_command(restore)
 
+def test_0003_update_removed_grp_membership(self, multihost,
+backupsssdconf):
+"""
+:title: proxy: secondary group is shown in sssd cache after
+ group is removed
+:id: 7cfb9aa9-6e68-4914-afb8-ecfae132aa84
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1917970
+:customerscenario: true
+:steps:
+  1. Edit sssd.conf and configure proxy provider with
+ entry_cache_timeout = 1
+  2. Restart SSSD with cleared cache
+  3. Create a localuser and localgroup
+  4. Add that localuser to the localgroup
+  5. Assert localgroup is shown in localuser's group list
+  6. Remove localuser from localgroup
+  7. Assert that after entry_cache_timeout, localuser's groups
+ are not listing localgroup
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+  5. Should succeed
+  6. Should succeed
+  7. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
+domain_name = tools.get_domain_section_name()
+multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db')
+l_usr, l_grp = 'testuser', 'testgroup'
+multihost.client[0].run_command(f'useradd {l_usr}')
+multihost.client[0].run_command(f'groupadd {l_grp}')
+multihost.client[0].run_command(f'usermod -aG {l_grp} {l_usr}')
+domain_params = {'id_provider': 'proxy',
+ 'proxy_lib_name': 'files',
+ 'auth_provider': 'krb5',
+ 'ignore_group_members': 'False',
+ 'cache_credentials': 'True',
+ 'entry_cache_timeout': '1',
+ 'krb5_validate': 'True'}
+tools.sssd_conf('domain/%s' % domain_name, domain_params)
+del_domain_params = {'ldap_uri': 'ldaps:%s' %
+ (multihost.master[0].run_command),
+ 'ldap_tls_cacert':
+ '/etc/openldap/cacerts/cacert.pem',
+ 'ldap_search_base': ds_suffix,
+ 'use_fully_qualified_names': 'True'}
+tools.sssd_conf('domain/%s' % domain_name,
+del_domain_params, action='delete')
+multihost.client[0].service_sssd('start')
+cmd = multihost.client[0].run_command(f'groups {l_usr}')
+assert 'testgroup' in cmd.stdout_text
+multihost.client[0].run_command(f'gpasswd -d {l_usr} {l_grp}')
+time.sleep(1)
+cmd = multihost.client[0].run_command(f'groups {l_usr}')
+multihost.client[0].run_command(f'userdel -rf {l_usr}')
+multihost.client[0].run_command(f'groupdel -f {l_grp}')
+assert 'testgroup' not in cmd.stdout_text
+
 def test_innetgr_threads(self, multihost, backupsssdconf):
 """
 :title: Verify sssd is thread-safe in innetgr
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5884][edited] Tests: autofs lookups for unknown mounts are delayed for 50s

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5884
Author: shridhargadekar
 Title: #5884: Tests: autofs lookups for unknown mounts are delayed for 50s 
Action: edited

 Changed field: body
Original value:
"""
Verifies: #5832
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2013218
"""

 Changed field: title
Original value:
"""
S4042
"""

___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5884][opened] S4042

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5884
Author: shridhargadekar
 Title: #5884: S4042
Action: opened

PR body:
"""
Verifies: #5832
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2013218
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5884/head:pr5884
git checkout pr5884
From 7b43db027a7b371665851c8d8765d5debcb33e4b Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Sat, 20 Nov 2021 03:02:39 +0530
Subject: [PATCH 1/3] Tests: autofs lookups for unknown mounts are delayed for
 50s

Verifies: #5832
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2013218
---
 .../multihost/alltests/test_automount.py  | 41 +++
 1 file changed, 41 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 4607f14863..173422e900 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -510,3 +510,44 @@ def test_009_maps_after_coming_online(self, multihost, add_nisobject):
 cmd = 'dnf remove -y firewalld'
 multihost.client[0].run_command(cmd, raiseonerr=True)
 assert cmd2 == 0
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1
+def test_010_delay_in_unknown_mnt_pt_lookup_error(self, multihost,
+  add_nisobject):
+"""
+:title: IDM-SSSD-TC: LDAP-Provider: Automount: autofs lookups for
+ unknown mounts are delayed for 50s
+:id: 3dd2b183-3511-460c-aed2-b5fca08879d9
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2013218
+:customerscenario: True
+:steps:
+  1. Edit sssd.conf and specify autofs_provider = ldap and restart
+ autofs
+  2. Access /export share
+  3. Access Non-existen mount point
+:expectedresults:
+  1. Should succeed
+  2. /export share should be mounted successfully
+  3. Error for Non-existent share should appear immediately
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+for service in ['sssd', 'autofs']:
+srv = 'systemctl restart %s' % service
+try:
+multihost.client[0].run_command(srv)
+except subprocess.CalledProcessError:
+pytest.fail("Unable to start %s service" % service)
+time.sleep(5)
+try:
+multihost.client[0].run_command(['automount', '-m'])
+except subprocess.CalledProcessError:
+pytest.fail("automount -m command failed")
+nfs_test = 'stat /export/nfs-test'
+cmd = multihost.client[0].run_command(nfs_test, raiseonerr=False)
+assert cmd.returncode == 0
+nfs_test = 'time stat /export/non_existing_nfs'
+tm1 = time.time()
+cmd = multihost.client[0].run_command(nfs_test, raiseonerr=False)
+tm2 = time.time()
+assert cmd.returncode != 0 and tm2 - tm1 <= 4

From 76df5f8fced098157d6ba5ee5eaffa709bdc417c Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Sat, 20 Nov 2021 03:14:49 +0530
Subject: [PATCH 2/3] removed the testcase

---
 .../multihost/alltests/test_automount.py  | 41 ---
 1 file changed, 41 deletions(-)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 173422e900..4607f14863 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -510,44 +510,3 @@ def test_009_maps_after_coming_online(self, multihost, add_nisobject):
 cmd = 'dnf remove -y firewalld'
 multihost.client[0].run_command(cmd, raiseonerr=True)
 assert cmd2 == 0
-
-@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
-@pytest.mark.tier1
-def test_010_delay_in_unknown_mnt_pt_lookup_error(self, multihost,
-  add_nisobject):
-"""
-:title: IDM-SSSD-TC: LDAP-Provider: Automount: autofs lookups for
- unknown mounts are delayed for 50s
-:id: 3dd2b183-3511-460c-aed2-b5fca08879d9
-:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2013218
-:customerscenario: True
-:steps:
-  1. Edit sssd.conf and specify autofs_provider = ldap and restart
- autofs
-  2. Access /export share
-  3. Access Non-existen mount point
-:expectedresults:
-  1. Should succeed
-  2. /export share should be mounted successfully
-  3. Erro

[SSSD] [sssd PR#5884][+Tests] S4042

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5884
Title: #5884: S4042

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5843][comment] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5843
Title: #5843: Tests: pam_sss_gss.so doesn't work with large kerberos tickets 
#5815

shridhargadekar commented:
"""
Passed testruns
https://gitlab.cee.redhat.com/sssd/sssd-qe/-/jobs/4851132
https://gitlab.cee.redhat.com/sssd/sssd-qe/-/merge_requests/1387

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5843#issuecomment-952938214
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5843][+Tests] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5843
Title: #5843: Tests: pam_sss_gss.so doesn't work with large kerberos tickets 
#5815

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5843][opened] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5843
Author: shridhargadekar
 Title: #5843: Tests: pam_sss_gss.so doesn't work with large kerberos tickets 
#5815
Action: opened

PR body:
"""
Verifies: #5568
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5843/head:pr5843
git checkout pr5843
From 2f7a7102a9b0325da96931f8722f577ae74284a0 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 27 Oct 2021 13:31:13 +0530
Subject: [PATCH] Tests: pam_sss_gss.so doesn't work with large kerberos
 tickets #5815

Verifies: #5568
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
---
 src/tests/multihost/ipa/test_adtrust.py | 86 +
 1 file changed, 86 insertions(+)

diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py
index b3dae24700..64ff28aa3c 100644
--- a/src/tests/multihost/ipa/test_adtrust.py
+++ b/src/tests/multihost/ipa/test_adtrust.py
@@ -9,7 +9,9 @@
 import re
 import time
 import pytest
+import paramiko
 from sssd.testlib.common.utils import sssdTools
+from sssd.testlib.common.utils import SSHClient
 
 
 @pytest.mark.usefixtures('setup_ipa_client')
@@ -27,6 +29,90 @@ def test_basic_sssctl_list(self, multihost):
 mylist = cmd.stdout_text.split()
 assert ad_domain_name in mylist
 
+def test_pam_sss_gss_handle_large_krb_ticket(self, multihost,
+ create_aduser_group):
+"""
+:title: Verify pam_sss_gss.so can handle large kerberos ticket
+for sudo
+:id: 456ea53b-6702-4b8e-beb1-eee841b85fed
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
+:steps:
+ 1. Add sudo rule in IPA-server for AD-users
+ 2. Modify /etc/krb5.conf.d/kcm_default_ccache to specify location
+of storing a TGT
+ 3. Enable pam_sss_gss.so for auth in /etc/pam.d/{sudo,sudo-i} files
+ 4. Add a sudo rule for AD-user
+ 5. Log in on ipa-client as AD-user
+ 6. Run kinit and fetch tgt
+ 7. Run sudo command
+ 8. Remove sudo cache
+ 9. Run sudo command again
+:expectedresults:
+ 1. Should succeed
+ 2. Should succeed
+ 3. Should succeed
+ 4. Should succeed
+ 5. Should succeed
+ 6. Should succeed
+ 7. Should not ask password, and should succeed
+ 8. Should succeed
+ 9. Should not ask password, and should succeed
+
+"""
+(aduser, adgroup) = create_aduser_group
+ad_dmn_name = multihost.ad[0].domainname
+fq_aduser = f'{aduser}@{ad_dmn_name}'
+client = sssdTools(multihost.client[0], multihost.ad[0])
+ipaserver = sssdTools(multihost.master[0])
+cmd = 'dnf install -y sssd sssd-kcm'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+domain_name = ipaserver.get_domain_section_name()
+domain_section = 'domain/{}'.format(domain_name)
+params = {'pam_gssapi_services': 'sudo, sudo-i'}
+client.sssd_conf(domain_section, params)
+krbkcm = '/etc/krb5.conf.d/kcm_default_ccache'
+bk_krbkcm = '/tmp/kcm_default_ccache'
+multihost.client[0].run_command(f'cp {krbkcm} {bk_krbkcm}')
+cmd = "echo -e  '[libdefaults]\n' \
+  'default_ccache_name  = FILE:/tmp/krb5cc_%{uid}:'"
+multihost.client[0].run_command(cmd, raiseonerr=False)
+multihost.client[0].service_sssd('restart')
+pam_sss_gss = "auth   sufficient   pam_sss_gss.so debug"
+for pam_file in "/etc/pam.d/sudo-i", "/etc/pam.d/sudo":
+cmd = f'sed -i "1 i {pam_sss_gss}" {pam_file}'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+cmd = f'echo "{fq_aduser} ALL=(ALL) ALL" >> /etc/sudoers'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+log = re.compile(f'.*System.*error.*Broken.*pipe.*')
+try:
+ssh = SSHClient(multihost.client[0].ip,
+username=f'{fq_aduser}',
+password='Secret123')
+except paramiko.ssh_exception.AuthenticationException:
+pytest.fail(f'{aduser} failed to login')
+else:
+(_, _, exit_status) = ssh.execute_cmd(f'kinit {fq_aduser}',
+  stdin='Secret123')
+assert exit_status == 0
+(stdout, _, exit_status) = ssh.execute_cmd('sudo -l')
+assert exit_status == 0
+ 

[SSSD] [sssd PR#5813][closed] Tests: files provider automation

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5813
Author: shridhargadekar
 Title: #5813: Tests: files provider automation
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5813/head:pr5813
git checkout pr5813
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5817][closed] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5817
Author: shridhargadekar
 Title: #5817: Tests: pam_sss_gss.so doesn't work with large kerberos tickets 
#5815
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5817/head:pr5817
git checkout pr5817
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5817][+Tests] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5817
Title: #5817: Tests: pam_sss_gss.so doesn't work with large kerberos tickets 
#5815

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5817][opened] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5817
Author: shridhargadekar
 Title: #5817: Tests: pam_sss_gss.so doesn't work with large kerberos tickets 
#5815
Action: opened

PR body:
"""
Verifies: #5568
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5817/head:pr5817
git checkout pr5817
From 119794f2ef5492dcaa82c3ecd004416c0ee26b04 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 6 Oct 2021 18:49:05 +0530
Subject: [PATCH] Tests: pam_sss_gss.so doesn't work with large kerberos
 tickets #5815

Verifies: #5568
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
---
 src/tests/multihost/ipa/test_adtrust.py | 76 +
 1 file changed, 76 insertions(+)

diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py
index b3dae24700..d5f039b0f6 100644
--- a/src/tests/multihost/ipa/test_adtrust.py
+++ b/src/tests/multihost/ipa/test_adtrust.py
@@ -292,3 +292,79 @@ def test_nss_get_by_name_with_private_group(self, multihost):
 assert cmd_adm.returncode == 0, 'Something wrong with setup!'
 assert cmd_usr.returncode == 0, \
 f"pysss_nss_idmap.getsidbyname for {username} failed"
+
+def test_sudo_kerberos_ticket(self, multihost, create_aduser_group):
+"""
+:title: Verify pam_sss_gss.so can handle large kerberos ticket
+for sudo
+:id: 456ea53b-6702-4b8e-beb1-eee841b85fed
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
+:steps:
+ 1. Add sudo rule in IPA-server for AD-users
+ 2. Modify /etc/krb5.conf.d/kcm_default_ccache to specify location
+of storing a TGT
+ 3. Enable pam_sss_gss.so for auth in /etc/pam.d/{sudo,sudo-i} files
+ 4. Add a sudo rule for AD-user
+ 5. Log in on ipa-client as AD-user
+ 6. Run kinit and fetch tgt
+ 7. Run sudo command
+ 8. Remove sudo cache
+ 9. Run sudo command again
+ :expectedresults:
+ 1. Should succeed
+ 2. Should succeed
+ 3. Should succeed
+ 4. Should succeed
+ 5. Should succeed
+ 6. Should succeed
+ 7. Should not ask password, and should succeed
+ 8. Should succeed
+ 9. Should not ask password, and should succeed
+"""
+(aduser, adgroup) = create_aduser_group
+client = sssdTools(multihost.client[0], multihost.ad[0])
+ipaserver = sssdTools(multihost.master[0])
+cmd = 'dnf install -y sssd sssd-kcm'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+domain_name = ipaserver.get_domain_section_name()
+domain_section = 'domain/{}'.format(domain_name)
+params = {'pam_gssapi_services': 'sudo, sudo-i'}
+client.sssd_conf(domain_section, params)
+krbkcm = '/etc/krb5.conf.d/kcm_default_ccache'
+bk_krbkcm = '/tmp/kcm_default_ccache'
+src = 'KCM:'
+dest = 'FILE:/tmp/krb5cc_%{uid}'
+multihost.client[0].run_command(f'cp {krbkcm} {bk_krbkcm}')
+cmd = "echo -e  '[libdefaults]\n' \
+  'default_ccache_name  = FILE:/tmp/krb5cc_%{uid}:'"
+multihost.client[0].run_command(cmd, raiseonerr=False)
+multihost.client[0].service_sssd('restart')
+pam_sss_gss = "auth   sufficient   pam_sss_gss.so debug"
+for pam_file in "/etc/pam.d/sudo-i", "/etc/pam.d/sudo":
+cmd = f'sed -i "1 i\{pam_sss_gss}" {pam_file}'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+cmd = f'echo "{aduser} ALL=(ALL) ALL" >> /etc/sudoers'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+try:
+ssh = SSHClient(multihost.client[0].sys_hostname,
+username=aduser, password='Secret123')
+
+except paramiko.ssh_exception.AuthenticationException:
+pytest.fail(f'{aduser} failed to login')
+else:
+(_, _, exit_status) = ssh.execute_cmd(f'kinit {aduser}',
+  stdin='Secret123')
+assert exit_status == 0
+(stdout, _, exit_status) = ssh.execute_cmd('sudo id')
+assert 'uid=0(root)' in stdout.readlines()
+(stdout, _, exit_status) = ssh.execute_cmd('sudo -k')
+(stdout, _, exit_status) = ssh.execute_cmd('sudo -l')
+assert '(ALL) ALL' in stdout.readlines()
+client.sssd_conf(domain_section, params, act

[SSSD] [sssd PR#5815][closed] Tests: pam_sss_gss.so doesn't work with large kerberos tickets

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5815
Author: shridhargadekar
 Title: #5815: Tests: pam_sss_gss.so doesn't work with large kerberos tickets
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5815/head:pr5815
git checkout pr5815
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5815][opened] Tests: pam_sss_gss.so doesn't work with large kerberos tickets

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5815
Author: shridhargadekar
 Title: #5815: Tests: pam_sss_gss.so doesn't work with large kerberos tickets
Action: opened

PR body:
"""
Verifies: #5568
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5815/head:pr5815
git checkout pr5815
From 51cd0a66a207603d70e5d754d4c1e80a62894bb3 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 6 Oct 2021 18:42:03 +0530
Subject: [PATCH] Tests: pam_sss_gss.so doesn't work with large kerberos
 tickets

Verifies: #5568
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
---
 src/tests/multihost/ipa/test_adtrust.py | 78 +
 1 file changed, 78 insertions(+)

diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py
index 061199b466..2ca5e0fae4 100644
--- a/src/tests/multihost/ipa/test_adtrust.py
+++ b/src/tests/multihost/ipa/test_adtrust.py
@@ -104,3 +104,81 @@ def test_honour_idoverride(self, multihost, create_aduser_group):
 multihost.master[0].run_command(delete_id_view)
 ipa_client.clear_sssd_cache()
 assert count == 0
+
+
+def test_sudo_kerberos_ticket(self, multihost, create_aduser_group):
+"""
+:title: Verify pam_sss_gss.so can handle large kerberos ticket
+for sudo
+:id: 456ea53b-6702-4b8e-beb1-eee841b85fed
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1948657
+:steps:
+ 1. Add sudo rule in IPA-server for AD-users
+ 2. Modify /etc/krb5.conf.d/kcm_default_ccache to specify location
+of storing a TGT
+ 3. Enable pam_sss_gss.so for auth in /etc/pam.d/{sudo,sudo-i} files
+ 4. Add a sudo rule for AD-user
+ 5. Log in on ipa-client as AD-user
+ 6. Run kinit and fetch tgt
+ 7. Run sudo command
+ 8. Remove sudo cache
+ 9. Run sudo command again
+ :expectedresults:
+ 1. Should succeed
+ 2. Should succeed
+ 3. Should succeed
+ 4. Should succeed
+ 5. Should succeed
+ 6. Should succeed
+ 7. Should not ask password, and should succeed
+ 8. Should succeed
+ 9. Should not ask password, and should succeed
+
+"""
+(aduser, adgroup) = create_aduser_group
+client = sssdTools(multihost.client[0], multihost.ad[0])
+ipaserver = sssdTools(multihost.master[0])
+cmd = 'dnf install -y sssd sssd-kcm'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+domain_name = ipaserver.get_domain_section_name()
+domain_section = 'domain/{}'.format(domain_name)
+params = {'pam_gssapi_services': 'sudo, sudo-i'}
+client.sssd_conf(domain_section, params)
+krbkcm = '/etc/krb5.conf.d/kcm_default_ccache'
+bk_krbkcm = '/tmp/kcm_default_ccache'
+src = 'KCM:'
+dest = 'FILE:/tmp/krb5cc_%{uid}'
+multihost.client[0].run_command(f'cp {krbkcm} {bk_krbkcm}')
+cmd = "echo -e  '[libdefaults]\n' \
+  'default_ccache_name  = FILE:/tmp/krb5cc_%{uid}:'"
+multihost.client[0].run_command(cmd, raiseonerr=False)
+multihost.client[0].service_sssd('restart')
+pam_sss_gss = "auth   sufficient   pam_sss_gss.so debug"
+for pam_file in "/etc/pam.d/sudo-i", "/etc/pam.d/sudo":
+cmd = f'sed -i "1 i\{pam_sss_gss}" {pam_file}'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+cmd = f'echo "{aduser} ALL=(ALL) ALL" >> /etc/sudoers'
+multihost.client[0].run_command(cmd, raiseonerr=False)
+try:
+ssh = SSHClient(multihost.client[0].sys_hostname,
+username=aduser, password='Secret123')
+
+except paramiko.ssh_exception.AuthenticationException:
+pytest.fail(f'{aduser} failed to login')
+else:
+(_, _, exit_status) = ssh.execute_cmd(f'kinit {aduser}',
+  stdin='Secret123')
+assert exit_status == 0
+(stdout, _, exit_status) = ssh.execute_cmd('sudo id')
+assert 'uid=0(root)' in stdout.readlines()
+(stdout, _, exit_status) = ssh.execute_cmd('sudo -k')
+(stdout, _, exit_status) = ssh.execute_cmd('sudo -l')
+assert '(ALL) ALL' in stdout.readlines()
+client.sssd_conf(domain_section, params, action='delete')
+for p

[SSSD] [sssd PR#5813][+Tests] Tests: files provider automation

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5813
Title: #5813: Tests: files provider automation

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5813][synchronized] Tests: files provider automation

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5813
Author: shridhargadekar
 Title: #5813: Tests: files provider automation
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5813/head:pr5813
git checkout pr5813
From ce347a00257e2f670d97a24e7904be612dad69ac Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 6 Oct 2021 17:52:07 +0530
Subject: [PATCH] Tests: files provider automation

verifies: #4295
---
 src/tests/multihost/alltests/conftest.py   |  44 +++
 src/tests/multihost/alltests/test_files.py | 379 +
 2 files changed, 423 insertions(+)
 create mode 100644 src/tests/multihost/alltests/test_files.py

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 3996459632..be29bb49be 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -371,6 +371,28 @@ def remove_keys():
 request.addfinalizer(remove_keys)
 
 
+@pytest.fixture(scope="function")
+def local_useradd(session_multihost, request):
+tool = sssdTools(session_multihost.client[0])
+users = ['test1', 'user1']
+groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3']
+for user in users:
+cmd = f'useradd {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupadd {grp}'
+session_multihost.client[0].run_command(cmd)
+
+def remove_local_users():
+for user in users:
+cmd = f'userdel -rf {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupdel {grp}'
+session_multihost.client[0].run_command(cmd)
+request.addfinalizer(remove_local_users)
+
+
 @pytest.fixture(scope='function')
 def enable_multiple_responders(session_multihost, request):
 """ Enable multiple responders to sssd services """
@@ -798,6 +820,28 @@ def removesssd():
 request.addfinalizer(removesssd)
 
 
+@pytest.fixture(scope='class')
+def setup_sssd_files(session_multihost, request):
+""" Configure sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+sssd_params = {'domains': 'files'}
+tools.sssd_conf('sssd', sssd_params)
+domain_section = 'domain/%s' % 'files'
+domain_params = { 'id_provider': 'files',
+ 'debug_level': '9'}
+tools.sssd_conf(domain_section, domain_params)
+start_sssd = 'systemctl start sssd'
+session_multihost.client[0].run_command(start_sssd)
+
+def removesssd():
+""" Remove sssd configuration """
+stop_sssd = 'systemctl stop sssd'
+session_multihost.client[0].run_command(stop_sssd)
+removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(removeconf)
+request.addfinalizer(removesssd)
+
+
 @pytest.fixture(scope="class")
 def multihost(session_multihost, request):
 """ Multihost fixture to be used by tests
diff --git a/src/tests/multihost/alltests/test_files.py b/src/tests/multihost/alltests/test_files.py
new file mode 100644
index 00..20ece93805
--- /dev/null
+++ b/src/tests/multihost/alltests/test_files.py
@@ -0,0 +1,379 @@
+from __future__ import print_function
+import pdb
+import re
+import subprocess
+import time
+from sssd.testlib.common.utils import sssdTools
+
+
+def getent_sss(multihost, obj, db):
+gtnt = f'getent {db} -s sss {obj}'
+cmd = multihost.client[0].run_command(gtnt, raiseonerr=False)
+return cmd.returncode, cmd.stdout_text
+
+
+def run_cmd(multihost, arg):
+cmd = multihost.client[0].run_command(arg, raiseonerr=False)
+return cmd.returncode, cmd.stdout_text
+
+
+@pytest.mark.usefixtures("setup_sssd_files")
+@pytest.mark.filesprovider
+@pytest.mark.tier1_2
+class TestFilesProvider(object):
+" This is a test case class for files-provider"
+def test_001_local_usr_caching(self, multihost, local_useradd):
+"""
+:Title: local user caching with files-provider
+:id: fa12373b-8285-4fca-afe1-5e544fd58674
+:customerscenario: false
+:steps:
+1. Create an unprivileged user
+2. User details are returned from sss_cache
+:expectedresults:
+1. Should succeed
+2. Should succeed
+"""
+multihost.client[0].service_sssd('start')
+exit_status, ot = getent_sss(multihost, 'test1', "passwd")
+assert exit_status == 0
+
+def test_002

[SSSD] [sssd PR#5813][opened] Tests: files provider automation

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5813
Author: shridhargadekar
 Title: #5813: Tests: files provider automation
Action: opened

PR body:
"""
verifies: #4295
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5813/head:pr5813
git checkout pr5813
From ed4a94db16b8ceb573784da4ea54411899dfb3be Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 6 Oct 2021 17:52:07 +0530
Subject: [PATCH] Tests: files provider automation

verifies: #4295
---
 src/tests/multihost/alltests/conftest.py   |  44 +++
 src/tests/multihost/alltests/test_files.py | 382 +
 2 files changed, 426 insertions(+)
 create mode 100644 src/tests/multihost/alltests/test_files.py

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 3996459632..be29bb49be 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -371,6 +371,28 @@ def remove_keys():
 request.addfinalizer(remove_keys)
 
 
+@pytest.fixture(scope="function")
+def local_useradd(session_multihost, request):
+tool = sssdTools(session_multihost.client[0])
+users = ['test1', 'user1']
+groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3']
+for user in users:
+cmd = f'useradd {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupadd {grp}'
+session_multihost.client[0].run_command(cmd)
+
+def remove_local_users():
+for user in users:
+cmd = f'userdel -rf {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupdel {grp}'
+session_multihost.client[0].run_command(cmd)
+request.addfinalizer(remove_local_users)
+
+
 @pytest.fixture(scope='function')
 def enable_multiple_responders(session_multihost, request):
 """ Enable multiple responders to sssd services """
@@ -798,6 +820,28 @@ def removesssd():
 request.addfinalizer(removesssd)
 
 
+@pytest.fixture(scope='class')
+def setup_sssd_files(session_multihost, request):
+""" Configure sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+sssd_params = {'domains': 'files'}
+tools.sssd_conf('sssd', sssd_params)
+domain_section = 'domain/%s' % 'files'
+domain_params = { 'id_provider': 'files',
+ 'debug_level': '9'}
+tools.sssd_conf(domain_section, domain_params)
+start_sssd = 'systemctl start sssd'
+session_multihost.client[0].run_command(start_sssd)
+
+def removesssd():
+""" Remove sssd configuration """
+stop_sssd = 'systemctl stop sssd'
+session_multihost.client[0].run_command(stop_sssd)
+removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(removeconf)
+request.addfinalizer(removesssd)
+
+
 @pytest.fixture(scope="class")
 def multihost(session_multihost, request):
 """ Multihost fixture to be used by tests
diff --git a/src/tests/multihost/alltests/test_files.py b/src/tests/multihost/alltests/test_files.py
new file mode 100644
index 00..65b9decf48
--- /dev/null
+++ b/src/tests/multihost/alltests/test_files.py
@@ -0,0 +1,382 @@
+from __future__ import print_function
+import pdb
+import re
+import subprocess
+import time
+from sssd.testlib.common.utils import sssdTools
+
+
+def getent_sss(multihost, obj, db):
+gtnt = f'getent {db} -s sss {obj}'
+cmd = multihost.client[0].run_command(gtnt, raiseonerr=False)
+return cmd.returncode, cmd.stdout_text
+
+
+def run_cmd(multihost, arg):
+cmd = multihost.client[0].run_command(arg, raiseonerr=False)
+return cmd.returncode, cmd.stdout_text
+
+
+@pytest.mark.usefixtures("setup_sssd_files")
+@pytest.mark.filesprovider
+@pytest.mark.tier1
+class TestFilesProvider(object):
+" This is a test case class for files-provider"
+def test_001_local_usr_caching(self, multihost, local_useradd):
+"""
+:Title: local user caching with files-provider
+:id: fa12373b-8285-4fca-afe1-5e544fd58674
+:customerscenario: false
+:steps:
+1. Create an unprivileged user
+2. User details are returned from sss_cache
+:expectedresults:
+1. Should succeed
+2. Should succeed
+"""
+multihost.client[0].service_sssd('start')
+exit_status, ot = getent_sss(multihost, 'test1', "passwd")
+

[SSSD] [sssd PR#5806][closed] Tests: files provider testcases

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5806
Author: shridhargadekar
 Title: #5806: Tests: files provider testcases
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5806/head:pr5806
git checkout pr5806
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5806][comment] Tests: files provider testcases

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5806
Title: #5806: Tests: files provider testcases

shridhargadekar commented:
"""
Code will be rearranged in the alltests instead of a separate dir.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5806#issuecomment-935790326
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5806
Author: shridhargadekar
 Title: #5806: Tests: files provider testcases
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5806/head:pr5806
git checkout pr5806
From dcb4b3575a6804d241a63a716d9e3a3d76383e89 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 5 Oct 2021 00:13:38 +0530
Subject: [PATCH] verifies: ##4295 bugzilla:

---
 src/tests/multihost/files/conftest.py |  97 +
 .../multihost/files/test_files_provider.py| 382 ++
 2 files changed, 479 insertions(+)
 create mode 100644 src/tests/multihost/files/conftest.py
 create mode 100644 src/tests/multihost/files/test_files_provider.py

diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py
new file mode 100644
index 00..5e405839ac
--- /dev/null
+++ b/src/tests/multihost/files/conftest.py
@@ -0,0 +1,97 @@
+"""conftest.py for all tests"""
+
+from __future__ import print_function
+import subprocess
+import os
+import time
+import posixpath
+import pytest
+from sssd.testlib.common.utils import sssdTools
+from subprocess import CalledProcessError
+from pytest_multihost import make_multihost_fixture
+from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF
+from sssd.testlib.common.qe_class import session_multihost
+from sssd.testlib.common.qe_class import create_testdir
+from datetime import datetime, timedelta
+
+
+def pytest_configure():
+""" Namespace hook to add below dict in the pytest namespace """
+pytest.num_masters = 0
+pytest.num_ad = 0
+pytest.num_atomic = 0
+pytest.num_replicas = 0
+pytest.num_clients = 1
+pytest.num_others = 0
+
+
+
+@pytest.fixture(scope="function")
+def useradd(session_multihost, request):
+tool = sssdTools(session_multihost.client[0])
+users = ['test1', 'user1']
+groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3']
+for user in users:
+cmd = f'useradd {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupadd {grp}'
+session_multihost.client[0].run_command(cmd)
+
+def remove_local_users():
+for user in users:
+cmd = f'userdel -rf {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupdel {grp}'
+session_multihost.client[0].run_command(cmd)
+request.addfinalizer(remove_local_users)
+
+
+@pytest.fixture(scope='function')
+def backupsssdconf(session_multihost, request):
+""" Backup and restore sssd.conf """
+bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF,
+ SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(bkup)
+session_multihost.client[0].service_sssd('stop')
+
+def restoresssdconf():
+""" Restore sssd.conf """
+restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(restore)
+request.addfinalizer(restoresssdconf)
+#+++
+@pytest.fixture(scope="class")
+def multihost(session_multihost, request):
+""" Multihost fixture to be used by tests
+:param obj session_multihost: multihost object
+:return obj session_multihost: return multihost object
+"""
+if hasattr(request.cls(), 'class_setup'):
+request.cls().class_setup(session_multihost)
+request.addfinalizer(
+lambda: request.cls().class_teardown(session_multihost))
+return session_multihost
+
+
+@pytest.fixture(scope='class')
+def setup_sssd(session_multihost, request):
+""" Configure sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+sssd_params = {'domains': 'files'}
+tools.sssd_conf('sssd', sssd_params)
+domain_section = 'domain/%s' % 'files'
+domain_params = { 'id_provider': 'files',
+ 'debug_level': '9'}
+tools.sssd_conf(domain_section, domain_params)
+start_sssd = 'systemctl start sssd'
+session_multihost.client[0].run_command(start_sssd)
+
+def removesssd():
+""" Remove sssd configuration """
+stop_sssd = 'systemctl stop sssd'
+session_multihost.client[0].run_command(stop_sssd)
+removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(removeconf)
+request.addfinalizer(removesssd)
diff --git 

[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5806
Author: shridhargadekar
 Title: #5806: Tests: files provider testcases
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5806/head:pr5806
git checkout pr5806
From af2d61f0c34b1b5bf5123c01a19e9f32b7943875 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 5 Oct 2021 00:13:38 +0530
Subject: [PATCH] verifies: ##4295 bugzilla:

---
 src/tests/multihost/files/conftest.py |  97 +
 .../multihost/files/test_files_provider.py| 354 ++
 2 files changed, 451 insertions(+)
 create mode 100644 src/tests/multihost/files/conftest.py
 create mode 100644 src/tests/multihost/files/test_files_provider.py

diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py
new file mode 100644
index 00..5e405839ac
--- /dev/null
+++ b/src/tests/multihost/files/conftest.py
@@ -0,0 +1,97 @@
+"""conftest.py for all tests"""
+
+from __future__ import print_function
+import subprocess
+import os
+import time
+import posixpath
+import pytest
+from sssd.testlib.common.utils import sssdTools
+from subprocess import CalledProcessError
+from pytest_multihost import make_multihost_fixture
+from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF
+from sssd.testlib.common.qe_class import session_multihost
+from sssd.testlib.common.qe_class import create_testdir
+from datetime import datetime, timedelta
+
+
+def pytest_configure():
+""" Namespace hook to add below dict in the pytest namespace """
+pytest.num_masters = 0
+pytest.num_ad = 0
+pytest.num_atomic = 0
+pytest.num_replicas = 0
+pytest.num_clients = 1
+pytest.num_others = 0
+
+
+
+@pytest.fixture(scope="function")
+def useradd(session_multihost, request):
+tool = sssdTools(session_multihost.client[0])
+users = ['test1', 'user1']
+groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3']
+for user in users:
+cmd = f'useradd {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupadd {grp}'
+session_multihost.client[0].run_command(cmd)
+
+def remove_local_users():
+for user in users:
+cmd = f'userdel -rf {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupdel {grp}'
+session_multihost.client[0].run_command(cmd)
+request.addfinalizer(remove_local_users)
+
+
+@pytest.fixture(scope='function')
+def backupsssdconf(session_multihost, request):
+""" Backup and restore sssd.conf """
+bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF,
+ SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(bkup)
+session_multihost.client[0].service_sssd('stop')
+
+def restoresssdconf():
+""" Restore sssd.conf """
+restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(restore)
+request.addfinalizer(restoresssdconf)
+#+++
+@pytest.fixture(scope="class")
+def multihost(session_multihost, request):
+""" Multihost fixture to be used by tests
+:param obj session_multihost: multihost object
+:return obj session_multihost: return multihost object
+"""
+if hasattr(request.cls(), 'class_setup'):
+request.cls().class_setup(session_multihost)
+request.addfinalizer(
+lambda: request.cls().class_teardown(session_multihost))
+return session_multihost
+
+
+@pytest.fixture(scope='class')
+def setup_sssd(session_multihost, request):
+""" Configure sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+sssd_params = {'domains': 'files'}
+tools.sssd_conf('sssd', sssd_params)
+domain_section = 'domain/%s' % 'files'
+domain_params = { 'id_provider': 'files',
+ 'debug_level': '9'}
+tools.sssd_conf(domain_section, domain_params)
+start_sssd = 'systemctl start sssd'
+session_multihost.client[0].run_command(start_sssd)
+
+def removesssd():
+""" Remove sssd configuration """
+stop_sssd = 'systemctl stop sssd'
+session_multihost.client[0].run_command(stop_sssd)
+removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(removeconf)
+request.addfinalizer(removesssd)
diff --git 

[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5806
Author: shridhargadekar
 Title: #5806: Tests: files provider testcases
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5806/head:pr5806
git checkout pr5806
From df65d350fd08e9c820e6a0f52197df14d98c913e Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 5 Oct 2021 00:13:38 +0530
Subject: [PATCH] verifies: ##4295 bugzilla:

---
 src/tests/multihost/files/conftest.py |  97 +
 .../multihost/files/test_files_provider.py| 351 ++
 2 files changed, 448 insertions(+)
 create mode 100644 src/tests/multihost/files/conftest.py
 create mode 100644 src/tests/multihost/files/test_files_provider.py

diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py
new file mode 100644
index 00..5e405839ac
--- /dev/null
+++ b/src/tests/multihost/files/conftest.py
@@ -0,0 +1,97 @@
+"""conftest.py for all tests"""
+
+from __future__ import print_function
+import subprocess
+import os
+import time
+import posixpath
+import pytest
+from sssd.testlib.common.utils import sssdTools
+from subprocess import CalledProcessError
+from pytest_multihost import make_multihost_fixture
+from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF
+from sssd.testlib.common.qe_class import session_multihost
+from sssd.testlib.common.qe_class import create_testdir
+from datetime import datetime, timedelta
+
+
+def pytest_configure():
+""" Namespace hook to add below dict in the pytest namespace """
+pytest.num_masters = 0
+pytest.num_ad = 0
+pytest.num_atomic = 0
+pytest.num_replicas = 0
+pytest.num_clients = 1
+pytest.num_others = 0
+
+
+
+@pytest.fixture(scope="function")
+def useradd(session_multihost, request):
+tool = sssdTools(session_multihost.client[0])
+users = ['test1', 'user1']
+groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3']
+for user in users:
+cmd = f'useradd {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupadd {grp}'
+session_multihost.client[0].run_command(cmd)
+
+def remove_local_users():
+for user in users:
+cmd = f'userdel -rf {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupdel {grp}'
+session_multihost.client[0].run_command(cmd)
+request.addfinalizer(remove_local_users)
+
+
+@pytest.fixture(scope='function')
+def backupsssdconf(session_multihost, request):
+""" Backup and restore sssd.conf """
+bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF,
+ SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(bkup)
+session_multihost.client[0].service_sssd('stop')
+
+def restoresssdconf():
+""" Restore sssd.conf """
+restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(restore)
+request.addfinalizer(restoresssdconf)
+#+++
+@pytest.fixture(scope="class")
+def multihost(session_multihost, request):
+""" Multihost fixture to be used by tests
+:param obj session_multihost: multihost object
+:return obj session_multihost: return multihost object
+"""
+if hasattr(request.cls(), 'class_setup'):
+request.cls().class_setup(session_multihost)
+request.addfinalizer(
+lambda: request.cls().class_teardown(session_multihost))
+return session_multihost
+
+
+@pytest.fixture(scope='class')
+def setup_sssd(session_multihost, request):
+""" Configure sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+sssd_params = {'domains': 'files'}
+tools.sssd_conf('sssd', sssd_params)
+domain_section = 'domain/%s' % 'files'
+domain_params = { 'id_provider': 'files',
+ 'debug_level': '9'}
+tools.sssd_conf(domain_section, domain_params)
+start_sssd = 'systemctl start sssd'
+session_multihost.client[0].run_command(start_sssd)
+
+def removesssd():
+""" Remove sssd configuration """
+stop_sssd = 'systemctl stop sssd'
+session_multihost.client[0].run_command(stop_sssd)
+removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(removeconf)
+request.addfinalizer(removesssd)
diff --g

[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5806
Author: shridhargadekar
 Title: #5806: Tests: files provider testcases
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5806/head:pr5806
git checkout pr5806
From 9c3a9053db7d1ba59dde86a521d427b7284fc257 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 5 Oct 2021 00:13:38 +0530
Subject: [PATCH] verifies: ##4295 bugzilla:

---
 src/tests/multihost/files/conftest.py |  97 ++
 .../multihost/files/test_files_provider.py| 279 ++
 2 files changed, 376 insertions(+)
 create mode 100644 src/tests/multihost/files/conftest.py
 create mode 100644 src/tests/multihost/files/test_files_provider.py

diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py
new file mode 100644
index 00..5e405839ac
--- /dev/null
+++ b/src/tests/multihost/files/conftest.py
@@ -0,0 +1,97 @@
+"""conftest.py for all tests"""
+
+from __future__ import print_function
+import subprocess
+import os
+import time
+import posixpath
+import pytest
+from sssd.testlib.common.utils import sssdTools
+from subprocess import CalledProcessError
+from pytest_multihost import make_multihost_fixture
+from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF
+from sssd.testlib.common.qe_class import session_multihost
+from sssd.testlib.common.qe_class import create_testdir
+from datetime import datetime, timedelta
+
+
+def pytest_configure():
+""" Namespace hook to add below dict in the pytest namespace """
+pytest.num_masters = 0
+pytest.num_ad = 0
+pytest.num_atomic = 0
+pytest.num_replicas = 0
+pytest.num_clients = 1
+pytest.num_others = 0
+
+
+
+@pytest.fixture(scope="function")
+def useradd(session_multihost, request):
+tool = sssdTools(session_multihost.client[0])
+users = ['test1', 'user1']
+groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3']
+for user in users:
+cmd = f'useradd {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupadd {grp}'
+session_multihost.client[0].run_command(cmd)
+
+def remove_local_users():
+for user in users:
+cmd = f'userdel -rf {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupdel {grp}'
+session_multihost.client[0].run_command(cmd)
+request.addfinalizer(remove_local_users)
+
+
+@pytest.fixture(scope='function')
+def backupsssdconf(session_multihost, request):
+""" Backup and restore sssd.conf """
+bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF,
+ SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(bkup)
+session_multihost.client[0].service_sssd('stop')
+
+def restoresssdconf():
+""" Restore sssd.conf """
+restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(restore)
+request.addfinalizer(restoresssdconf)
+#+++
+@pytest.fixture(scope="class")
+def multihost(session_multihost, request):
+""" Multihost fixture to be used by tests
+:param obj session_multihost: multihost object
+:return obj session_multihost: return multihost object
+"""
+if hasattr(request.cls(), 'class_setup'):
+request.cls().class_setup(session_multihost)
+request.addfinalizer(
+lambda: request.cls().class_teardown(session_multihost))
+return session_multihost
+
+
+@pytest.fixture(scope='class')
+def setup_sssd(session_multihost, request):
+""" Configure sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+sssd_params = {'domains': 'files'}
+tools.sssd_conf('sssd', sssd_params)
+domain_section = 'domain/%s' % 'files'
+domain_params = { 'id_provider': 'files',
+ 'debug_level': '9'}
+tools.sssd_conf(domain_section, domain_params)
+start_sssd = 'systemctl start sssd'
+session_multihost.client[0].run_command(start_sssd)
+
+def removesssd():
+""" Remove sssd configuration """
+stop_sssd = 'systemctl stop sssd'
+session_multihost.client[0].run_command(stop_sssd)
+removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(removeconf)
+request.addfinalizer(removesssd)
diff --g

[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5806
Author: shridhargadekar
 Title: #5806: Tests: files provider testcases
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5806/head:pr5806
git checkout pr5806
From 85d6e06d1d0ea1bc338b840a44b2c37b58163e84 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 5 Oct 2021 00:13:38 +0530
Subject: [PATCH] verifies: ##4295 bugzilla:

---
 src/tests/multihost/files/conftest.py |  97 ++
 .../multihost/files/test_files_provider.py| 280 ++
 2 files changed, 377 insertions(+)
 create mode 100644 src/tests/multihost/files/conftest.py
 create mode 100644 src/tests/multihost/files/test_files_provider.py

diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py
new file mode 100644
index 00..5e405839ac
--- /dev/null
+++ b/src/tests/multihost/files/conftest.py
@@ -0,0 +1,97 @@
+"""conftest.py for all tests"""
+
+from __future__ import print_function
+import subprocess
+import os
+import time
+import posixpath
+import pytest
+from sssd.testlib.common.utils import sssdTools
+from subprocess import CalledProcessError
+from pytest_multihost import make_multihost_fixture
+from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF
+from sssd.testlib.common.qe_class import session_multihost
+from sssd.testlib.common.qe_class import create_testdir
+from datetime import datetime, timedelta
+
+
+def pytest_configure():
+""" Namespace hook to add below dict in the pytest namespace """
+pytest.num_masters = 0
+pytest.num_ad = 0
+pytest.num_atomic = 0
+pytest.num_replicas = 0
+pytest.num_clients = 1
+pytest.num_others = 0
+
+
+
+@pytest.fixture(scope="function")
+def useradd(session_multihost, request):
+tool = sssdTools(session_multihost.client[0])
+users = ['test1', 'user1']
+groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3']
+for user in users:
+cmd = f'useradd {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupadd {grp}'
+session_multihost.client[0].run_command(cmd)
+
+def remove_local_users():
+for user in users:
+cmd = f'userdel -rf {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupdel {grp}'
+session_multihost.client[0].run_command(cmd)
+request.addfinalizer(remove_local_users)
+
+
+@pytest.fixture(scope='function')
+def backupsssdconf(session_multihost, request):
+""" Backup and restore sssd.conf """
+bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF,
+ SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(bkup)
+session_multihost.client[0].service_sssd('stop')
+
+def restoresssdconf():
+""" Restore sssd.conf """
+restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(restore)
+request.addfinalizer(restoresssdconf)
+#+++
+@pytest.fixture(scope="class")
+def multihost(session_multihost, request):
+""" Multihost fixture to be used by tests
+:param obj session_multihost: multihost object
+:return obj session_multihost: return multihost object
+"""
+if hasattr(request.cls(), 'class_setup'):
+request.cls().class_setup(session_multihost)
+request.addfinalizer(
+lambda: request.cls().class_teardown(session_multihost))
+return session_multihost
+
+
+@pytest.fixture(scope='class')
+def setup_sssd(session_multihost, request):
+""" Configure sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+sssd_params = {'domains': 'files'}
+tools.sssd_conf('sssd', sssd_params)
+domain_section = 'domain/%s' % 'files'
+domain_params = { 'id_provider': 'files',
+ 'debug_level': '9'}
+tools.sssd_conf(domain_section, domain_params)
+start_sssd = 'systemctl start sssd'
+session_multihost.client[0].run_command(start_sssd)
+
+def removesssd():
+""" Remove sssd configuration """
+stop_sssd = 'systemctl stop sssd'
+session_multihost.client[0].run_command(stop_sssd)
+removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(removeconf)
+request.addfinalizer(removesssd)
diff --git

[SSSD] [sssd PR#5806][+RFE] Tests: files provider testcases

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5806
Title: #5806: Tests: files provider testcases

Label: +RFE
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5806][+Tests] Tests: files provider testcases

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5806
Title: #5806: Tests: files provider testcases

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5806][opened] Tests: files provider testcases

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5806
Author: shridhargadekar
 Title: #5806: Tests: files provider testcases
Action: opened

PR body:
"""
verifies: #4295
bugzilla:
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5806/head:pr5806
git checkout pr5806
From f6fd5a876182477746a8e0664e79ae43fc24d1ed Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 5 Oct 2021 00:13:38 +0530
Subject: [PATCH] verifies: ##4295 bugzilla:

---
 src/tests/multihost/files/conftest.py |  97 ++
 .../multihost/files/test_files_provider.py| 280 ++
 2 files changed, 377 insertions(+)
 create mode 100644 src/tests/multihost/files/conftest.py
 create mode 100644 src/tests/multihost/files/test_files_provider.py

diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py
new file mode 100644
index 00..5e405839ac
--- /dev/null
+++ b/src/tests/multihost/files/conftest.py
@@ -0,0 +1,97 @@
+"""conftest.py for all tests"""
+
+from __future__ import print_function
+import subprocess
+import os
+import time
+import posixpath
+import pytest
+from sssd.testlib.common.utils import sssdTools
+from subprocess import CalledProcessError
+from pytest_multihost import make_multihost_fixture
+from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF
+from sssd.testlib.common.qe_class import session_multihost
+from sssd.testlib.common.qe_class import create_testdir
+from datetime import datetime, timedelta
+
+
+def pytest_configure():
+""" Namespace hook to add below dict in the pytest namespace """
+pytest.num_masters = 0
+pytest.num_ad = 0
+pytest.num_atomic = 0
+pytest.num_replicas = 0
+pytest.num_clients = 1
+pytest.num_others = 0
+
+
+
+@pytest.fixture(scope="function")
+def useradd(session_multihost, request):
+tool = sssdTools(session_multihost.client[0])
+users = ['test1', 'user1']
+groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3']
+for user in users:
+cmd = f'useradd {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupadd {grp}'
+session_multihost.client[0].run_command(cmd)
+
+def remove_local_users():
+for user in users:
+cmd = f'userdel -rf {user}'
+session_multihost.client[0].run_command(cmd)
+for grp in groups:
+cmd = f'groupdel {grp}'
+session_multihost.client[0].run_command(cmd)
+request.addfinalizer(remove_local_users)
+
+
+@pytest.fixture(scope='function')
+def backupsssdconf(session_multihost, request):
+""" Backup and restore sssd.conf """
+bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF,
+ SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(bkup)
+session_multihost.client[0].service_sssd('stop')
+
+def restoresssdconf():
+""" Restore sssd.conf """
+restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF)
+session_multihost.client[0].run_command(restore)
+request.addfinalizer(restoresssdconf)
+#+++
+@pytest.fixture(scope="class")
+def multihost(session_multihost, request):
+""" Multihost fixture to be used by tests
+:param obj session_multihost: multihost object
+:return obj session_multihost: return multihost object
+"""
+if hasattr(request.cls(), 'class_setup'):
+request.cls().class_setup(session_multihost)
+request.addfinalizer(
+lambda: request.cls().class_teardown(session_multihost))
+return session_multihost
+
+
+@pytest.fixture(scope='class')
+def setup_sssd(session_multihost, request):
+""" Configure sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+sssd_params = {'domains': 'files'}
+tools.sssd_conf('sssd', sssd_params)
+domain_section = 'domain/%s' % 'files'
+domain_params = { 'id_provider': 'files',
+ 'debug_level': '9'}
+tools.sssd_conf(domain_section, domain_params)
+start_sssd = 'systemctl start sssd'
+session_multihost.client[0].run_command(start_sssd)
+
+def removesssd():
+""" Remove sssd configuration """
+stop_sssd = 'systemctl stop sssd'
+session_multihost.client[0].run_command(stop_sssd)
+removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF)
+session_multihost.client[0].r

[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5792/head:pr5792
git checkout pr5792
From eb86433f43b80745dc2e3496274032bb4bc7de37 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 22 Sep 2021 15:15:36 +0530
Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries

verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
---
 src/tests/multihost/alltests/conftest.py  | 37 +++--
 src/tests/multihost/alltests/test_sudo.py | 66 +--
 2 files changed, 94 insertions(+), 9 deletions(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 6ace9dfe07..124a238e36 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -424,11 +424,38 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sssd_sudo_conf(session_multihost, request):
+""" Configure basic sudo parameters in sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+session_multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd')
+ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}'
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params)
+sudo_base = f'ou=sudoers,{ds_suffix}'
+params = {'ldap_sudo_search_base': sudo_base,
+  'sudo_provider': 'ldap'}
+domain_section = f'domain/{ds_instance_name}'
+tools.sssd_conf(domain_section, params, action='update')
+ret = session_multihost.client[0].service_sssd('start')
+
+def restore_sssd_conf():
+""" Restore sssd.conf """
+services = 'nss, pam'
+sssd_params = {'services': services}
+tools.sssd_conf('sssd', sssd_params)
+tools.sssd_conf(domain_section, params, action='delete')
+request.addfinalizer(restore_sssd_conf)
+
+
 @pytest.fixture(scope='function')
 def sudo_rule(session_multihost, request):
 """ Create sudoers ldap entries """
-ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
-sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}'
+sudo_ou = f'ou=sudoers,{ds_suffix}'
 ds_rootdn = 'cn=Directory Manager'
 ds_rootpw = 'Secret123'
 ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
@@ -439,12 +466,12 @@ def sudo_rule(session_multihost, request):
 sudo_options = ["!requiretty", "!authenticate"]
 sudo_cmd = '/usr/bin/head'
 sudo_user = 'foo1'
-rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+rule_dn = f'cn={sudo_cmd},{sudo_ou}'
 try:
 ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
 sudo_user, sudo_options)
 except LdapException:
-pytest.fail("Failed to add sudo rule %s" % rule_dn)
+pytest.fail(f"Failed to add sudo rule {rule_dn}")
 else:
 extra_user = 'foo2'
 add_extra = [(ldap.MOD_ADD,  'sudoUser',
@@ -454,7 +481,7 @@ def sudo_rule(session_multihost, request):
 
 def del_sudo_rule():
 """ Delete sudo rule  """
-rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+rule_dn = f'cn={sudo_cmd},{sudo_ou}'
 (_, _) = ldap_inst.del_dn(rule_dn)
 (ret, _) = ldap_inst.del_dn(sudo_ou)
 assert ret == 'Success'
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index a906eaada2..7bffc194df 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost,
 same_intvl += 1
 index += 1
 assert rand_intvl > same_intvl
+
+@pytest.mark.tier2
+def test_improve_refresh_timers_sudo_timeout(self, multihost,
+ backupsssdconf,
+ sssd_sudo_conf,
+ sudo_rule):
+"""
+:title: sudo: improve sudo fu

[SSSD] [sssd PR#5792][edited] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: edited

 Changed field: body
Original value:
"""
verifies:#5604

bugzilla:https://bugzilla.redhat.com/show_bug.cgi?id=1925505  
"""

___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5792][edited] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: edited

 Changed field: body
Original value:
"""
verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
"""

___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5792/head:pr5792
git checkout pr5792
From f51dc36ef2080d6a039018e7432ab8977b57c4df Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 22 Sep 2021 15:15:36 +0530
Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries

verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
---
 src/tests/multihost/alltests/conftest.py  | 37 +++--
 src/tests/multihost/alltests/test_sudo.py | 66 +--
 2 files changed, 94 insertions(+), 9 deletions(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 6ace9dfe07..d7f34b7c24 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -424,11 +424,38 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sssd_sudo_conf(session_multihost, request):
+""" Configure basic sudo parameters in sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+session_multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd')
+ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}'
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params)
+sudo_base = f'ou=sudoers,{ds_suffix}'
+params = {'ldap_sudo_search_base': sudo_base,
+  'sudo_provider': 'ldap'}
+domain_section = 'domain/{ds_instance_name}'
+tools.sssd_conf(domain_section, params, action='update')
+ret = session_multihost.client[0].service_sssd('start')
+
+def restore_sssd_conf():
+""" Restore sssd.conf """
+services = 'nss, pam'
+sssd_params = {'services': services}
+tools.sssd_conf('sssd', sssd_params)
+tools.sssd_conf(domain_section, params, action='delete')
+request.addfinalizer(restore_sssd_conf)
+
+
 @pytest.fixture(scope='function')
 def sudo_rule(session_multihost, request):
 """ Create sudoers ldap entries """
-ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
-sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}'
+sudo_ou = f'ou=sudoers,{ds_suffix}'
 ds_rootdn = 'cn=Directory Manager'
 ds_rootpw = 'Secret123'
 ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
@@ -439,12 +466,12 @@ def sudo_rule(session_multihost, request):
 sudo_options = ["!requiretty", "!authenticate"]
 sudo_cmd = '/usr/bin/head'
 sudo_user = 'foo1'
-rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+rule_dn = f'cn={sudo_cmd},{sudo_ou}'
 try:
 ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
 sudo_user, sudo_options)
 except LdapException:
-pytest.fail("Failed to add sudo rule %s" % rule_dn)
+pytest.fail(f"Failed to add sudo rule {rule_dn}")
 else:
 extra_user = 'foo2'
 add_extra = [(ldap.MOD_ADD,  'sudoUser',
@@ -454,7 +481,7 @@ def sudo_rule(session_multihost, request):
 
 def del_sudo_rule():
 """ Delete sudo rule  """
-rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+rule_dn = f'cn={sudo_cmd},{sudo_ou}'
 (_, _) = ldap_inst.del_dn(rule_dn)
 (ret, _) = ldap_inst.del_dn(sudo_ou)
 assert ret == 'Success'
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index a906eaada2..90981e2317 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost,
 same_intvl += 1
 index += 1
 assert rand_intvl > same_intvl
+
+@pytest.mark.tier2
+def test_improve_refresh_timers_sudo_timeout(self, multihost,
+ backupsssdconf,
+ sssd_sudo_conf,
+ sudo_rule):
+"""
+:title: sudo: improve sudo fu

[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5792/head:pr5792
git checkout pr5792
From f3d9ddb021b23037b8fac15059de9624348de7ef Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 22 Sep 2021 15:15:36 +0530
Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries

verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
---
 src/tests/multihost/alltests/conftest.py  | 37 +++--
 src/tests/multihost/alltests/test_sudo.py | 66 +--
 2 files changed, 94 insertions(+), 9 deletions(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 6ace9dfe07..d7f34b7c24 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -424,11 +424,38 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sssd_sudo_conf(session_multihost, request):
+""" Configure basic sudo parameters in sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+session_multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd')
+ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}'
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params)
+sudo_base = f'ou=sudoers,{ds_suffix}'
+params = {'ldap_sudo_search_base': sudo_base,
+  'sudo_provider': 'ldap'}
+domain_section = 'domain/{ds_instance_name}'
+tools.sssd_conf(domain_section, params, action='update')
+ret = session_multihost.client[0].service_sssd('start')
+
+def restore_sssd_conf():
+""" Restore sssd.conf """
+services = 'nss, pam'
+sssd_params = {'services': services}
+tools.sssd_conf('sssd', sssd_params)
+tools.sssd_conf(domain_section, params, action='delete')
+request.addfinalizer(restore_sssd_conf)
+
+
 @pytest.fixture(scope='function')
 def sudo_rule(session_multihost, request):
 """ Create sudoers ldap entries """
-ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
-sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}'
+sudo_ou = f'ou=sudoers,{ds_suffix}'
 ds_rootdn = 'cn=Directory Manager'
 ds_rootpw = 'Secret123'
 ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
@@ -439,12 +466,12 @@ def sudo_rule(session_multihost, request):
 sudo_options = ["!requiretty", "!authenticate"]
 sudo_cmd = '/usr/bin/head'
 sudo_user = 'foo1'
-rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+rule_dn = f'cn={sudo_cmd},{sudo_ou}'
 try:
 ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
 sudo_user, sudo_options)
 except LdapException:
-pytest.fail("Failed to add sudo rule %s" % rule_dn)
+pytest.fail(f"Failed to add sudo rule {rule_dn}")
 else:
 extra_user = 'foo2'
 add_extra = [(ldap.MOD_ADD,  'sudoUser',
@@ -454,7 +481,7 @@ def sudo_rule(session_multihost, request):
 
 def del_sudo_rule():
 """ Delete sudo rule  """
-rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+rule_dn = f'cn={sudo_cmd},{sudo_ou}'
 (_, _) = ldap_inst.del_dn(rule_dn)
 (ret, _) = ldap_inst.del_dn(sudo_ou)
 assert ret == 'Success'
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index a906eaada2..7632631d0b 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost,
 same_intvl += 1
 index += 1
 assert rand_intvl > same_intvl
+
+@pytest.mark.tier2
+def test_improve_refresh_timers_sudo_timeout(self, multihost,
+ backupsssdconf,
+ sssd_sudo_conf,
+ sudo_rule):
+"""
+:title: sudo: improve sudo fu

[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5792/head:pr5792
git checkout pr5792
From 690e52cae0ab1f49581f87071d8822a46b6767a5 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 22 Sep 2021 15:15:36 +0530
Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries

verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
---
 src/tests/multihost/alltests/conftest.py  | 27 ++
 src/tests/multihost/alltests/test_sudo.py | 66 +--
 2 files changed, 89 insertions(+), 4 deletions(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 6ace9dfe07..8e4ba6c980 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -424,6 +424,33 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sssd_sudo_conf(session_multihost, request):
+""" Configure basic sudo parameters in sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+session_multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd')
+ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params)
+sudo_base = 'ou=sudoers,%s' % ds_suffix
+params = {'ldap_sudo_search_base': sudo_base,
+  'sudo_provider': 'ldap'}
+domain_section = 'domain/%s' % ds_instance_name
+tools.sssd_conf(domain_section, params, action='update')
+ret = session_multihost.client[0].service_sssd('start')
+
+def restore_sssd_conf():
+""" Restore sssd.conf """
+services = 'nss, pam'
+sssd_params = {'services': services}
+tools.sssd_conf('sssd', sssd_params)
+tools.sssd_conf(domain_section, params, action='delete')
+request.addfinalizer(restore_sssd_conf)
+
+
 @pytest.fixture(scope='function')
 def sudo_rule(session_multihost, request):
 """ Create sudoers ldap entries """
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index a906eaada2..dc29787eea 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost,
 same_intvl += 1
 index += 1
 assert rand_intvl > same_intvl
+
+@pytest.mark.tier2
+def test_improve_refresh_timers_sudo_timeout(self, multihost,
+ backupsssdconf,
+ sssd_sudo_conf,
+ sudo_rule):
+"""
+:title: sudo: improve sudo full and smart refresh timeouts
+:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505
+:customerscenario: True
+:steps:
+  1. Edit sssdconfig and specify sssd smart, full timeout option
+  2. Restart sssd with cleared logs and cache
+  3. Wait for 40 seconds
+  4. Parse logs and confirm sudo full refresh and smart refresh
+ timeout are not running at same time
+  5. If sudo full refresh and smart refresh timer are scheduled at
+ same time then smart refresh is rescheduled to the next cycle
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+  5. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
 multihost.client[0].service_sssd('stop')
-params = {'ldap_sudo_full_refresh_interval': '25',
-  'ldap_sudo_smart_refresh_interval': '15',
-  'ldap_sudo_random_offset': '5'}
-tools.sssd_conf(domain_section, params, action='delete')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+params = {'ldap_sudo_full_refresh_interval': '10',
+  'ldap_sudo_random_offset': '0',
+  'ldap_sudo_smart_re

[SSSD] [sssd PR#5794][closed] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5794
Author: shridhargadekar
 Title: #5794: Tests: improve sssd refresh timers for sudo queries
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5794/head:pr5794
git checkout pr5794
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5794][opened] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5794
Author: shridhargadekar
 Title: #5794: Tests: improve sssd refresh timers for sudo queries
Action: opened

PR body:
"""
verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5794/head:pr5794
git checkout pr5794
From 690e52cae0ab1f49581f87071d8822a46b6767a5 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 22 Sep 2021 15:15:36 +0530
Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries

verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
---
 src/tests/multihost/alltests/conftest.py  | 27 ++
 src/tests/multihost/alltests/test_sudo.py | 66 +--
 2 files changed, 89 insertions(+), 4 deletions(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 6ace9dfe07..8e4ba6c980 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -424,6 +424,33 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sssd_sudo_conf(session_multihost, request):
+""" Configure basic sudo parameters in sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+session_multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd')
+ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params)
+sudo_base = 'ou=sudoers,%s' % ds_suffix
+params = {'ldap_sudo_search_base': sudo_base,
+  'sudo_provider': 'ldap'}
+domain_section = 'domain/%s' % ds_instance_name
+tools.sssd_conf(domain_section, params, action='update')
+ret = session_multihost.client[0].service_sssd('start')
+
+def restore_sssd_conf():
+""" Restore sssd.conf """
+services = 'nss, pam'
+sssd_params = {'services': services}
+tools.sssd_conf('sssd', sssd_params)
+tools.sssd_conf(domain_section, params, action='delete')
+request.addfinalizer(restore_sssd_conf)
+
+
 @pytest.fixture(scope='function')
 def sudo_rule(session_multihost, request):
 """ Create sudoers ldap entries """
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index a906eaada2..dc29787eea 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost,
 same_intvl += 1
 index += 1
 assert rand_intvl > same_intvl
+
+@pytest.mark.tier2
+def test_improve_refresh_timers_sudo_timeout(self, multihost,
+ backupsssdconf,
+ sssd_sudo_conf,
+ sudo_rule):
+"""
+:title: sudo: improve sudo full and smart refresh timeouts
+:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505
+:customerscenario: True
+:steps:
+  1. Edit sssdconfig and specify sssd smart, full timeout option
+  2. Restart sssd with cleared logs and cache
+  3. Wait for 40 seconds
+  4. Parse logs and confirm sudo full refresh and smart refresh
+ timeout are not running at same time
+  5. If sudo full refresh and smart refresh timer are scheduled at
+ same time then smart refresh is rescheduled to the next cycle
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+  5. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
 multihost.client[0].service_sssd('stop')
-params = {'ldap_sudo_full_refresh_interval': '25',
-  'ldap_sudo_smart_refresh_interval': '15',
-  'ldap_sudo_random_offset': '5'}
-tools.sssd_conf(domain_section, params, action='delete')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+params = {'ldap_sudo_full_refresh_interval': '10&

[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5792/head:pr5792
git checkout pr5792
From 160e666e5e36ce4fc07251fa4c08d0aa6766378f Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 22 Sep 2021 15:15:36 +0530
Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries

verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
---
 src/tests/multihost/alltests/conftest.py  | 27 +
 src/tests/multihost/alltests/test_sudo.py | 70 +--
 2 files changed, 93 insertions(+), 4 deletions(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 6ace9dfe07..8e4ba6c980 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -424,6 +424,33 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sssd_sudo_conf(session_multihost, request):
+""" Configure basic sudo parameters in sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+session_multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd')
+ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params)
+sudo_base = 'ou=sudoers,%s' % ds_suffix
+params = {'ldap_sudo_search_base': sudo_base,
+  'sudo_provider': 'ldap'}
+domain_section = 'domain/%s' % ds_instance_name
+tools.sssd_conf(domain_section, params, action='update')
+ret = session_multihost.client[0].service_sssd('start')
+
+def restore_sssd_conf():
+""" Restore sssd.conf """
+services = 'nss, pam'
+sssd_params = {'services': services}
+tools.sssd_conf('sssd', sssd_params)
+tools.sssd_conf(domain_section, params, action='delete')
+request.addfinalizer(restore_sssd_conf)
+
+
 @pytest.fixture(scope='function')
 def sudo_rule(session_multihost, request):
 """ Create sudoers ldap entries """
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index a906eaada2..0fb91a43e8 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -184,9 +184,71 @@ def test_randomize_sudo_timeout(self, multihost,
 same_intvl += 1
 index += 1
 assert rand_intvl > same_intvl
+
+@pytest.mark.tier2
+def test_improve_refresh_timers_sudo_timeout(self, multihost,
+ backupsssdconf,
+ sssd_sudo_conf,
+ sudo_rule):
+"""
+:title: sudo: improve sudo full and smart refresh timeouts
+:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505
+:customerscenario: True
+:steps:
+  1. Edit sssdconfig and specify sssd smart, full timeout option
+  2. Restart sssd with cleared logs and cache
+  3. Wait for 40 seconds
+  4. Parse logs and confirm sudo full refresh and smart refresh
+ timeout are not running at same time
+  5. If sudo full refresh and smart refresh timer are scheduled at
+ same time then smart refresh is rescheduled to the next cycle
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+  5. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
 multihost.client[0].service_sssd('stop')
-params = {'ldap_sudo_full_refresh_interval': '25',
-  'ldap_sudo_smart_refresh_interval': '15',
-  'ldap_sudo_random_offset': '5'}
-tools.sssd_conf(domain_section, params, action='delete')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,%s' % ds_suffix
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_full_refresh_interval': 

[SSSD] [sssd PR#5792][+Tests] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5792
Title: #5792: Tests: improve sssd refresh timers for sudo queries

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5792][+Waiting for review] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5792
Title: #5792: Tests: improve sssd refresh timers for sudo queries

Label: +Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5792/head:pr5792
git checkout pr5792
From 9634fa6c4ce30ce2df3db280d46fcd9ec0a3530a Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 22 Sep 2021 15:15:36 +0530
Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries

verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
---
 src/tests/multihost/alltests/conftest.py  | 27 +
 src/tests/multihost/alltests/test_sudo.py | 70 +--
 2 files changed, 93 insertions(+), 4 deletions(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 6ace9dfe07..8e4ba6c980 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -424,6 +424,33 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sssd_sudo_conf(session_multihost, request):
+""" Configure basic sudo parameters in sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+session_multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd')
+ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params)
+sudo_base = 'ou=sudoers,%s' % ds_suffix
+params = {'ldap_sudo_search_base': sudo_base,
+  'sudo_provider': 'ldap'}
+domain_section = 'domain/%s' % ds_instance_name
+tools.sssd_conf(domain_section, params, action='update')
+ret = session_multihost.client[0].service_sssd('start')
+
+def restore_sssd_conf():
+""" Restore sssd.conf """
+services = 'nss, pam'
+sssd_params = {'services': services}
+tools.sssd_conf('sssd', sssd_params)
+tools.sssd_conf(domain_section, params, action='delete')
+request.addfinalizer(restore_sssd_conf)
+
+
 @pytest.fixture(scope='function')
 def sudo_rule(session_multihost, request):
 """ Create sudoers ldap entries """
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index a906eaada2..bc66526859 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -184,9 +184,71 @@ def test_randomize_sudo_timeout(self, multihost,
 same_intvl += 1
 index += 1
 assert rand_intvl > same_intvl
+
+@pytest.mark.tier2
+def test_improve_refresh_timers_sudo_timeout(self, multihost,
+ backupsssdconf,
+ sssd_sudo_conf,
+ sudo_rule):
+"""
+:title: sudo: improve sudo full and smart refresh timeouts
+:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505
+:customerscenario: True
+:steps:
+  1. Edit sssdconfig and specify sssd smart, full timeout option
+  2. Restart sssd with cleared logs and cache
+  3. Wait for 40 seconds
+  4. Parse logs and confirm sudo full refresh and smart refresh
+ timeout are not running at same time
+  5. If sudo full refresh and smart refresh timer are scheduled at
+ same time then smart refresh is rescheduled to the next cycle
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+  5. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
 multihost.client[0].service_sssd('stop')
-params = {'ldap_sudo_full_refresh_interval': '25',
-  'ldap_sudo_smart_refresh_interval': '15',
-  'ldap_sudo_random_offset': '5'}
-tools.sssd_conf(domain_section, params, action='delete')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,dc=example,dc=test'
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_full_refresh_interval': 

[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5792/head:pr5792
git checkout pr5792
From d3176fd5f3217563e139aa9bbed9acc30778da5d Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 22 Sep 2021 15:15:36 +0530
Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries

verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
---
 src/tests/multihost/alltests/conftest.py  | 27 +
 src/tests/multihost/alltests/test_sudo.py | 70 +--
 2 files changed, 93 insertions(+), 4 deletions(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 6ace9dfe07..8e4ba6c980 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -424,6 +424,33 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sssd_sudo_conf(session_multihost, request):
+""" Configure basic sudo parameters in sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+session_multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd')
+ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params)
+sudo_base = 'ou=sudoers,%s' % ds_suffix
+params = {'ldap_sudo_search_base': sudo_base,
+  'sudo_provider': 'ldap'}
+domain_section = 'domain/%s' % ds_instance_name
+tools.sssd_conf(domain_section, params, action='update')
+ret = session_multihost.client[0].service_sssd('start')
+
+def restore_sssd_conf():
+""" Restore sssd.conf """
+services = 'nss, pam'
+sssd_params = {'services': services}
+tools.sssd_conf('sssd', sssd_params)
+tools.sssd_conf(domain_section, params, action='delete')
+request.addfinalizer(restore_sssd_conf)
+
+
 @pytest.fixture(scope='function')
 def sudo_rule(session_multihost, request):
 """ Create sudoers ldap entries """
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index a906eaada2..6b337d549e 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -184,9 +184,71 @@ def test_randomize_sudo_timeout(self, multihost,
 same_intvl += 1
 index += 1
 assert rand_intvl > same_intvl
+
+@pytest.mark.tier2
+def test_improve_refresh_timers_sudo_timeout(self, multihost,
+ backupsssdconf,
+ sssd_sudo_conf,
+ sudo_rule):
+"""
+:title: sudo: improve sudo full and smart refresh timeouts
+:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505
+:customerscenario: True
+:steps:
+  1. Edit sssdconfig and specify sssd smart, full timeout option
+  2. Restart sssd with cleared logs and cache
+  3. Wait for 40 seconds
+  4. Parse logs and confirm sudo full refresh and smart refresh
+ timeout are not running at same time
+  5. If sudo full refresh and smart refresh timer are scheduled at
+ same time then smart refresh is rescheduled to the next cycle
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+  5. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
 multihost.client[0].service_sssd('stop')
-params = {'ldap_sudo_full_refresh_interval': '25',
-  'ldap_sudo_smart_refresh_interval': '15',
-  'ldap_sudo_random_offset': '5'}
-tools.sssd_conf(domain_section, params, action='delete')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,dc=example,dc=test'
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_full_refresh_interval': 

[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5792/head:pr5792
git checkout pr5792
From 71856d448963459707a3680bf4adc1656ac4794b Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 22 Sep 2021 15:15:36 +0530
Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries

verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
---
 src/tests/multihost/alltests/conftest.py  | 27 +
 src/tests/multihost/alltests/test_sudo.py | 70 +--
 2 files changed, 93 insertions(+), 4 deletions(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 6ace9dfe07..8e4ba6c980 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -424,6 +424,33 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sssd_sudo_conf(session_multihost, request):
+""" Configure basic sudo parameters in sssd.conf """
+tools = sssdTools(session_multihost.client[0])
+session_multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db/')
+tools.remove_sss_cache('/var/log/sssd')
+ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params)
+sudo_base = 'ou=sudoers,%s' % ds_suffix
+params = {'ldap_sudo_search_base': sudo_base,
+  'sudo_provider': 'ldap'}
+domain_section = 'domain/%s' % ds_instance_name
+tools.sssd_conf(domain_section, params, action='update')
+ret = session_multihost.client[0].service_sssd('start')
+
+def restore_sssd_conf():
+""" Restore sssd.conf """
+services = 'nss, pam'
+sssd_params = {'services': services}
+tools.sssd_conf('sssd', sssd_params)
+tools.sssd_conf(domain_section, params, action='delete')
+request.addfinalizer(restore_sssd_conf)
+
+
 @pytest.fixture(scope='function')
 def sudo_rule(session_multihost, request):
 """ Create sudoers ldap entries """
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index a906eaada2..b221c8c51b 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -184,9 +184,71 @@ def test_randomize_sudo_timeout(self, multihost,
 same_intvl += 1
 index += 1
 assert rand_intvl > same_intvl
+
+@pytest.mark.tier2
+def test_improve_refresh_timers_sudo_timeout(self, multihost,
+ backupsssdconf,
+ sssd_sudo_conf,
+ sudo_rule):
+"""
+:title: sudo: randomize sudo refresh timeouts
+:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505
+:customerscenario: True
+:steps:
+  1. Edit sssdconfig and specify sssd smart, full timeout option
+  2. Restart sssd with cleared logs and cache
+  3. Wait for 40 seconds
+  4. Parse logs and confirm sudo full refresh and smart refresh
+ timeout are not running at same time
+  5. If sudo full refresh and smart refresh timeout are scheduled at
+ same time then smart refresh is rescheduled to the next cycle
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+  5. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
 multihost.client[0].service_sssd('stop')
-params = {'ldap_sudo_full_refresh_interval': '25',
-  'ldap_sudo_smart_refresh_interval': '15',
-  'ldap_sudo_random_offset': '5'}
-tools.sssd_conf(domain_section, params, action='delete')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,dc=example,dc=test'
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_full_refresh_interval': '10&#

[SSSD] [sssd PR#5792][edited] Tests: improve sssd refresh timers for sudo queries

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Tests: improve sssd refresh timers for sudo queries
Action: edited

 Changed field: title
Original value:
"""
Sssd 3162
"""

___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5792][opened] Sssd 3162

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5792
Author: shridhargadekar
 Title: #5792: Sssd 3162
Action: opened

PR body:
"""
verifies:#5604

bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5792/head:pr5792
git checkout pr5792
From 513f2e8e62f1cd1cb4dcefb6b7d7fc1f38dda509 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 25 Aug 2021 21:35:39 +0530
Subject: [PATCH 1/2] Test: Randomize the SUDO timeouts upon reconnection
 issue: #5609 bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514

---
 src/tests/multihost/alltests/conftest.py  | 37 
 src/tests/multihost/alltests/test_sudo.py | 53 +++
 2 files changed, 90 insertions(+)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 3996459632..fa97ac5d61 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -395,6 +395,43 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sudo_rule(session_multihost, request):
+""" Create sudoers ldap entries """
+ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
+sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ds_rootdn = 'cn=Directory Manager'
+ds_rootpw = 'Secret123'
+ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
+try:
+ldap_inst.org_unit('sudoers', ds_suffix)
+except LdapException:
+pytest.fail("already exist or failed to add sudo ou ")
+sudo_options = ["!requiretty", "!authenticate"]
+sudo_cmd = '/usr/bin/head'
+sudo_user = 'foo1'
+rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+try:
+ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
+sudo_user, sudo_options)
+except LdapException:
+pytest.fail("Failed to add sudo rule %s" % rule_dn)
+else:
+extra_user = 'foo2'
+add_extra = [(ldap.MOD_ADD,  'sudoUser',
+ extra_user.encode('utf-8'))]
+(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra)
+assert ret == 'Success'
+
+def del_sudo_rule():
+""" Delete sudo rule  """
+rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+(_, _) = ldap_inst.del_dn(rule_dn)
+(ret, _) = ldap_inst.del_dn(sudo_ou)
+assert ret == 'Success'
+request.addfinalizer(del_sudo_rule)
+
+
 testdata = [
 [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z',
  'sudoNotBefore'],
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index 9e7fa87413..9ca1441cba 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -110,3 +110,56 @@ def test_timed_sudoers_entry(self,
 multihost.master[0].run_command(journalctl_cmd)
 pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1'))
 ssh.close()
+
+
+@pytest.mark.tier2
+def test_randomize_sudo_timeout(self, multihost,
+backupsssdconf, sudo_rule):
+"""
+@Title: sudo: randomize sudo smart and full refresh timeouts
+"""
+tools = sssdTools(multihost.client[0])
+multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,dc=example,dc=test'
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_search_base': sudo_base,
+  'ldap_uri': sudo_uri,
+  'sudo_provider': "ldap",
+  'ldap_sudo_full_refresh_interval': '25',
+  'ldap_sudo_smart_refresh_interval': '15',
+  'ldap_sudo_random_offset': '5'}
+domain_section = 'domain/%s' % ds_instance_name
+tools.sssd_conf(domain_section, params, action='update')
+section = "sssd"
+sssd_params = {'services': 'nss, pam, sudo'}
+tools.sssd_conf(section, sssd_params, action='update')
+multihost.client[0].service_sssd('start')
+time.sleep(120)
+logfile = '/var/log/sssd/sssd_%s.

[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5761
Author: shridhargadekar
 Title: #5761: Tests: Randomize sudo refresh timeouts
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5761/head:pr5761
git checkout pr5761
From 7a7c072cec4fa76725333fe98aac09cef38a7421 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 25 Aug 2021 23:31:50 +0530
Subject: [PATCH] Tests: Randomize sudo refresh timeouts

Veifies: #5609

Bugzilla: @pytest.fixture(scope='function')

Signed-off-by: Shridhar Gadekar 
---
 src/tests/multihost/alltests/conftest.py  | 37 
 src/tests/multihost/alltests/test_sudo.py | 73 ++-
 2 files changed, 109 insertions(+), 1 deletion(-)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 3996459632..fa97ac5d61 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -395,6 +395,43 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sudo_rule(session_multihost, request):
+""" Create sudoers ldap entries """
+ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
+sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ds_rootdn = 'cn=Directory Manager'
+ds_rootpw = 'Secret123'
+ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
+try:
+ldap_inst.org_unit('sudoers', ds_suffix)
+except LdapException:
+pytest.fail("already exist or failed to add sudo ou ")
+sudo_options = ["!requiretty", "!authenticate"]
+sudo_cmd = '/usr/bin/head'
+sudo_user = 'foo1'
+rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+try:
+ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
+sudo_user, sudo_options)
+except LdapException:
+pytest.fail("Failed to add sudo rule %s" % rule_dn)
+else:
+extra_user = 'foo2'
+add_extra = [(ldap.MOD_ADD,  'sudoUser',
+ extra_user.encode('utf-8'))]
+(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra)
+assert ret == 'Success'
+
+def del_sudo_rule():
+""" Delete sudo rule  """
+rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+(_, _) = ldap_inst.del_dn(rule_dn)
+(ret, _) = ldap_inst.del_dn(sudo_ou)
+assert ret == 'Success'
+request.addfinalizer(del_sudo_rule)
+
+
 testdata = [
 [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z',
  'sudoNotBefore'],
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index 271d9474f8..823ac3fbfe 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -4,7 +4,7 @@
 import paramiko
 from sssd.testlib.common.utils import SSHClient
 from sssd.testlib.common.utils import sssdTools
-from constants import ds_instance_name
+from constants import ds_instance_name, ds_suffix
 
 
 @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups',
@@ -110,3 +110,74 @@ def test_timed_sudoers_entry(self,
 multihost.master[0].run_command(journalctl_cmd)
 pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1'))
 ssh.close()
+
+@pytest.mark.tier2
+def test_randomize_sudo_timeout(self, multihost,
+backupsssdconf, sudo_rule):
+"""
+:title: sudo: randomize sudo refresh timeouts
+:id: 57720975-29ba-4ed7-868a-f9b784bbfed2
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514
+:customerscenario: True
+:steps:
+  1. Edit sssdconfig and specify sssd smart, full timeout option
+  2. Restart sssd with cleared logs and cache
+  3. Wait for 120 seconds
+  4. Parse logs and confirm sudo refresh timeouts are random
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+"""
+tools = sssdTools(multihost.client[0])
+multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,%s' % (ds_suffix)
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_search_base': sudo_base,
+  'ldap_uri&

[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5761
Author: shridhargadekar
 Title: #5761: Tests: Randomize sudo refresh timeouts
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5761/head:pr5761
git checkout pr5761
From 565f0c395f7a7df21458a8ccfdaf2595419fb8b1 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 25 Aug 2021 23:31:50 +0530
Subject: [PATCH] Tests: Randomize sudo refresh timeouts

Veifies: #5609

Bugzilla: @pytest.fixture(scope='function')

Signed-off-by: Shridhar Gadekar 
---
 src/tests/multihost/alltests/conftest.py  | 37 
 src/tests/multihost/alltests/test_sudo.py | 71 +++
 2 files changed, 108 insertions(+)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 3996459632..fa97ac5d61 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -395,6 +395,43 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sudo_rule(session_multihost, request):
+""" Create sudoers ldap entries """
+ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
+sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ds_rootdn = 'cn=Directory Manager'
+ds_rootpw = 'Secret123'
+ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
+try:
+ldap_inst.org_unit('sudoers', ds_suffix)
+except LdapException:
+pytest.fail("already exist or failed to add sudo ou ")
+sudo_options = ["!requiretty", "!authenticate"]
+sudo_cmd = '/usr/bin/head'
+sudo_user = 'foo1'
+rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+try:
+ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
+sudo_user, sudo_options)
+except LdapException:
+pytest.fail("Failed to add sudo rule %s" % rule_dn)
+else:
+extra_user = 'foo2'
+add_extra = [(ldap.MOD_ADD,  'sudoUser',
+ extra_user.encode('utf-8'))]
+(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra)
+assert ret == 'Success'
+
+def del_sudo_rule():
+""" Delete sudo rule  """
+rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+(_, _) = ldap_inst.del_dn(rule_dn)
+(ret, _) = ldap_inst.del_dn(sudo_ou)
+assert ret == 'Success'
+request.addfinalizer(del_sudo_rule)
+
+
 testdata = [
 [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z',
  'sudoNotBefore'],
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index 271d9474f8..f7aa81a1ba 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -110,3 +110,74 @@ def test_timed_sudoers_entry(self,
 multihost.master[0].run_command(journalctl_cmd)
 pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1'))
 ssh.close()
+
+@pytest.mark.tier2
+def test_randomize_sudo_timeout(self, multihost,
+backupsssdconf, sudo_rule):
+"""
+:title: sudo: randomize sudo refresh timeouts
+:id: 57720975-29ba-4ed7-868a-f9b784bbfed2
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514
+:customerscenario: True
+:steps:
+  1. edit sssdconfig and specify sssd smart, full timeout option
+  2. restart sssd with cleared logs and cache
+  3. wait for 120 seconds
+  4. parse logs and confirm sudo refresh timeouts are random
+:expectedresults:
+  1. should succeed
+  2. should succeed
+  3. should succeed
+  4. should succeed
+"""
+tools = sssdTools(multihost.client[0])
+multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,dc=example,dc=test'
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_search_base': sudo_base,
+  'ldap_uri': sudo_uri,
+  'sudo_provider': "ldap",
+  'ldap_sudo_full_refresh_interval': '25',
+  'ldap_sudo_smart_refresh_interval': '15',
+  'ldap_sudo_random_offset': '5'}
+

[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5761
Author: shridhargadekar
 Title: #5761: Tests: Randomize sudo refresh timeouts
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5761/head:pr5761
git checkout pr5761
From 2386b5fab19a28eb5488006e53a6957a36db71fd Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 25 Aug 2021 23:31:50 +0530
Subject: [PATCH] Tests: Randomize sudo refresh timeouts

Veifies: #5609

Bugzilla: @pytest.fixture(scope='function')

Signed-off-by: Shridhar Gadekar 
---
 src/tests/multihost/alltests/conftest.py  | 37 
 src/tests/multihost/alltests/test_sudo.py | 71 +++
 2 files changed, 108 insertions(+)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 3996459632..fa97ac5d61 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -395,6 +395,43 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sudo_rule(session_multihost, request):
+""" Create sudoers ldap entries """
+ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
+sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ds_rootdn = 'cn=Directory Manager'
+ds_rootpw = 'Secret123'
+ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
+try:
+ldap_inst.org_unit('sudoers', ds_suffix)
+except LdapException:
+pytest.fail("already exist or failed to add sudo ou ")
+sudo_options = ["!requiretty", "!authenticate"]
+sudo_cmd = '/usr/bin/head'
+sudo_user = 'foo1'
+rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+try:
+ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
+sudo_user, sudo_options)
+except LdapException:
+pytest.fail("Failed to add sudo rule %s" % rule_dn)
+else:
+extra_user = 'foo2'
+add_extra = [(ldap.MOD_ADD,  'sudoUser',
+ extra_user.encode('utf-8'))]
+(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra)
+assert ret == 'Success'
+
+def del_sudo_rule():
+""" Delete sudo rule  """
+rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+(_, _) = ldap_inst.del_dn(rule_dn)
+(ret, _) = ldap_inst.del_dn(sudo_ou)
+assert ret == 'Success'
+request.addfinalizer(del_sudo_rule)
+
+
 testdata = [
 [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z',
  'sudoNotBefore'],
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index 271d9474f8..65ba2f11b7 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -110,3 +110,74 @@ def test_timed_sudoers_entry(self,
 multihost.master[0].run_command(journalctl_cmd)
 pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1'))
 ssh.close()
+
+@pytest.mark.tier2
+def test_randomize_sudo_timeout(self, multihost,
+backupsssdconf, sudo_rule):
+"""
+:title: sudo: randomize sudo refresh timeouts
+:id: 57720975-29ba-4ed7-868a-f9b784bbfed2
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514
+:customerscenario: True
+:steps:
+  1. edit sssdconfig and specify sssd smart, full timeout option
+  2. restart sssd with cleared logs and cache
+  3. wait for 90 seconds
+  4. parse logs and confirm sudo refresh timeouts are random
+:expectedresults:
+  1. should succeed
+  2. should succeed
+  3. should succeed
+  4. should succeed
+"""
+tools = sssdTools(multihost.client[0])
+multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,dc=example,dc=test'
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_search_base': sudo_base,
+  'ldap_uri': sudo_uri,
+  'sudo_provider': "ldap",
+  'ldap_sudo_full_refresh_interval': '25',
+  'ldap_sudo_smart_refresh_interval': '15',
+  'ldap_sudo_random_offset': '5'}
+

[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5761
Author: shridhargadekar
 Title: #5761: Tests: Randomize sudo refresh timeouts
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5761/head:pr5761
git checkout pr5761
From 82b65ba5352bcd661a08a3e55355c31f189ff5ec Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 25 Aug 2021 23:31:50 +0530
Subject: [PATCH] Tests: Randomize sudo refresh timeouts

Veifies: #5609

Bugzilla: @pytest.fixture(scope='function')

Signed-off-by: Shridhar Gadekar 
---
 src/tests/multihost/alltests/conftest.py  | 37 
 src/tests/multihost/alltests/test_sudo.py | 71 +++
 2 files changed, 108 insertions(+)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 3996459632..fa97ac5d61 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -395,6 +395,43 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sudo_rule(session_multihost, request):
+""" Create sudoers ldap entries """
+ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
+sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ds_rootdn = 'cn=Directory Manager'
+ds_rootpw = 'Secret123'
+ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
+try:
+ldap_inst.org_unit('sudoers', ds_suffix)
+except LdapException:
+pytest.fail("already exist or failed to add sudo ou ")
+sudo_options = ["!requiretty", "!authenticate"]
+sudo_cmd = '/usr/bin/head'
+sudo_user = 'foo1'
+rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+try:
+ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
+sudo_user, sudo_options)
+except LdapException:
+pytest.fail("Failed to add sudo rule %s" % rule_dn)
+else:
+extra_user = 'foo2'
+add_extra = [(ldap.MOD_ADD,  'sudoUser',
+ extra_user.encode('utf-8'))]
+(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra)
+assert ret == 'Success'
+
+def del_sudo_rule():
+""" Delete sudo rule  """
+rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+(_, _) = ldap_inst.del_dn(rule_dn)
+(ret, _) = ldap_inst.del_dn(sudo_ou)
+assert ret == 'Success'
+request.addfinalizer(del_sudo_rule)
+
+
 testdata = [
 [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z',
  'sudoNotBefore'],
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index 271d9474f8..3e6d709313 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -110,3 +110,74 @@ def test_timed_sudoers_entry(self,
 multihost.master[0].run_command(journalctl_cmd)
 pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1'))
 ssh.close()
+
+@pytest.mark.tier2
+def test_randomize_sudo_timeout(self, multihost,
+backupsssdconf, sudo_rule):
+"""
+:title: sudo: randomize sudo refresh timeouts
+:id: 57720975-29ba-4ed7-868a-f9b784bbfed2
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514
+:customerscenario: True
+:steps:
+  1. edit sssdconfig and specify sssd smart, full timeout option
+  2. restart sssd with cleared logs and cache
+  3. wait for 90 seconds
+  4. parse logs and confirm sudo refresh timeouts are random
+:expectedresults:
+  1. should succeed
+  2. should succeed
+  3. should succeed
+  4. should succeed
+"""
+tools = sssdTools(multihost.client[0])
+multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,dc=example,dc=test'
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_search_base': sudo_base,
+  'ldap_uri': sudo_uri,
+  'sudo_provider': "ldap",
+  'ldap_sudo_full_refresh_interval': '25',
+  'ldap_sudo_smart_refresh_interval': '15',
+  'ldap_sudo_random_offset': '5'}
+

[SSSD] [sssd PR#5761][+Tests] Tests: Randomize sudo refresh timeouts

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5761
Title: #5761: Tests: Randomize sudo refresh timeouts

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5761][+Waiting for review] Tests: Randomize sudo refresh timeouts

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5761
Title: #5761: Tests: Randomize sudo refresh timeouts

Label: +Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5761][+RFE] Tests: Randomize sudo refresh timeouts

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5761
Title: #5761: Tests: Randomize sudo refresh timeouts

Label: +RFE
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5761
Author: shridhargadekar
 Title: #5761: Tests: Randomize sudo refresh timeouts
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5761/head:pr5761
git checkout pr5761
From 079d82e96f9791a61ee485845ea20fa9093b035d Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 25 Aug 2021 23:31:50 +0530
Subject: [PATCH] Tests: Randomize sudo refresh timeouts

Veifies: #5609

Bugzilla: @pytest.fixture(scope='function')

Signed-off-by: Shridhar Gadekar 
---
 src/tests/multihost/alltests/conftest.py  | 37 
 src/tests/multihost/alltests/test_sudo.py | 72 +++
 2 files changed, 109 insertions(+)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 3996459632..fa97ac5d61 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -395,6 +395,43 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sudo_rule(session_multihost, request):
+""" Create sudoers ldap entries """
+ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
+sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ds_rootdn = 'cn=Directory Manager'
+ds_rootpw = 'Secret123'
+ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
+try:
+ldap_inst.org_unit('sudoers', ds_suffix)
+except LdapException:
+pytest.fail("already exist or failed to add sudo ou ")
+sudo_options = ["!requiretty", "!authenticate"]
+sudo_cmd = '/usr/bin/head'
+sudo_user = 'foo1'
+rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+try:
+ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
+sudo_user, sudo_options)
+except LdapException:
+pytest.fail("Failed to add sudo rule %s" % rule_dn)
+else:
+extra_user = 'foo2'
+add_extra = [(ldap.MOD_ADD,  'sudoUser',
+ extra_user.encode('utf-8'))]
+(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra)
+assert ret == 'Success'
+
+def del_sudo_rule():
+""" Delete sudo rule  """
+rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+(_, _) = ldap_inst.del_dn(rule_dn)
+(ret, _) = ldap_inst.del_dn(sudo_ou)
+assert ret == 'Success'
+request.addfinalizer(del_sudo_rule)
+
+
 testdata = [
 [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z',
  'sudoNotBefore'],
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index 271d9474f8..fcd3f3bdd6 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -110,3 +110,75 @@ def test_timed_sudoers_entry(self,
 multihost.master[0].run_command(journalctl_cmd)
 pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1'))
 ssh.close()
+
+
+@pytest.mark.tier2
+def test_randomize_sudo_timeout(self, multihost,
+backupsssdconf, sudo_rule):
+"""
+:title: sudo: randomize sudo refresh timeouts
+:id: 57720975-29ba-4ed7-868a-f9b784bbfed2
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514
+:customerscenario: True
+:steps:
+  1. edit sssdconfig and specify sssd smart, full timeout option
+  2. restart sssd with cleared logs and cache
+  3. wait for 90 seconds
+  4. parse logs and confirm sudo refresh timeouts are random
+:expectedresults:
+  1. should succeed
+  2. should succeed
+  3. should succeed
+  4. should succeed
+"""
+tools = sssdTools(multihost.client[0])
+multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,dc=example,dc=test'
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_search_base': sudo_base,
+  'ldap_uri': sudo_uri,
+  'sudo_provider': "ldap",
+  'ldap_sudo_full_refresh_interval': '25',
+  'ldap_sudo_smart_refresh_interval': '15',
+  'ldap_sudo_random_offset': '5'}
+

[SSSD] [sssd PR#5761][opened] Tests: Randomize sudo refresh timeouts

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5761
Author: shridhargadekar
 Title: #5761: Tests: Randomize sudo refresh timeouts
Action: opened

PR body:
"""
Randomize smart and full sudo refresh timeouts after reconnection

Veifies: #5609

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514

Signed-off-by: Shridhar Gadekar 
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5761/head:pr5761
git checkout pr5761
From 6fc0e37c366f459bbfccc1a0c02693d7a5f0d5bf Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Wed, 25 Aug 2021 23:31:50 +0530
Subject: [PATCH] Tests: Randomize sudo refresh timeouts

Veifies: #5609

Bugzilla: @pytest.fixture(scope='function')

Signed-off-by: Shridhar Gadekar 
---
 src/tests/multihost/alltests/conftest.py  | 37 +
 src/tests/multihost/alltests/test_sudo.py | 66 +++
 2 files changed, 103 insertions(+)

diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py
index 3996459632..fa97ac5d61 100644
--- a/src/tests/multihost/alltests/conftest.py
+++ b/src/tests/multihost/alltests/conftest.py
@@ -395,6 +395,43 @@ def restore_sssd_conf():
 request.addfinalizer(restore_sssd_conf)
 
 
+@pytest.fixture(scope='function')
+def sudo_rule(session_multihost, request):
+""" Create sudoers ldap entries """
+ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
+sudo_ou = 'ou=sudoers, %s' % ds_suffix
+ds_rootdn = 'cn=Directory Manager'
+ds_rootpw = 'Secret123'
+ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
+try:
+ldap_inst.org_unit('sudoers', ds_suffix)
+except LdapException:
+pytest.fail("already exist or failed to add sudo ou ")
+sudo_options = ["!requiretty", "!authenticate"]
+sudo_cmd = '/usr/bin/head'
+sudo_user = 'foo1'
+rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou)
+try:
+ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head',
+sudo_user, sudo_options)
+except LdapException:
+pytest.fail("Failed to add sudo rule %s" % rule_dn)
+else:
+extra_user = 'foo2'
+add_extra = [(ldap.MOD_ADD,  'sudoUser',
+ extra_user.encode('utf-8'))]
+(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra)
+assert ret == 'Success'
+
+def del_sudo_rule():
+""" Delete sudo rule  """
+rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou)
+(_, _) = ldap_inst.del_dn(rule_dn)
+(ret, _) = ldap_inst.del_dn(sudo_ou)
+assert ret == 'Success'
+request.addfinalizer(del_sudo_rule)
+
+
 testdata = [
 [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z',
  'sudoNotBefore'],
diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py
index 271d9474f8..3dcc4e129d 100644
--- a/src/tests/multihost/alltests/test_sudo.py
+++ b/src/tests/multihost/alltests/test_sudo.py
@@ -110,3 +110,69 @@ def test_timed_sudoers_entry(self,
 multihost.master[0].run_command(journalctl_cmd)
 pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1'))
 ssh.close()
+
+
+@pytest.mark.tier2
+def test_randomize_sudo_timeout(self, multihost,
+backupsssdconf, sudo_rule):
+"""
+:title: sudo: randomize sudo refresh timeouts
+:id: 57720975-29ba-4ed7-868a-f9b784bbfed2
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514
+:customerscenario: True
+:steps:
+  1. edit sssdconfig and specify sssd smart, full timeout option
+  2. restart sssd with cleared logs and cache
+  3. wait for 90 seconds
+  4. parse logs and confirm sudo refresh timeouts are random
+:expectedresults:
+  1. should succeed
+  2. should succeed
+  3. should succeed
+  4. should succeed
+"""
+tools = sssdTools(multihost.client[0])
+multihost.client[0].service_sssd('stop')
+tools.remove_sss_cache('/var/lib/sss/db')
+tools.remove_sss_cache('/var/log/sssd')
+sudo_base = 'ou=sudoers,dc=example,dc=test'
+sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname
+params = {'ldap_sudo_search_base': sudo_base,
+  'ldap_uri': sudo_uri,
+  'sudo_provider': "ldap",
+  

[SSSD] [sssd PR#5711][+Accepted] SSSD is generating lot of LDAP queries in a very large environment

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5711
Title: #5711: SSSD is generating lot of LDAP queries in a very large environment

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5711][comment] SSSD is generating lot of LDAP queries in a very large environment

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5711
Title: #5711: SSSD is generating lot of LDAP queries in a very large environment

shridhargadekar commented:
"""
looks good.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5711#issuecomment-880602017
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5681][comment] Test: sudo rule with runAS set to short-username value

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5681
Title: #5681: Test: sudo rule with runAS set to short-username value

shridhargadekar commented:
"""
https://ci-jenkins-csb-idm.apps.ocp4.prod.psi.redhat.com/blue/organizations/jenkins/trigger-test-suite-tool/detail/trigger-test-suite-tool/464/pipeline/63
   @aborah-sudo  this passed
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5681#issuecomment-871171579
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5681][comment] Test: sudo rule with runAS set to short-username value

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5681
Title: #5681: Test: sudo rule with runAS set to short-username value

shridhargadekar commented:
"""
@aborah-sudo  any update on this?
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5681#issuecomment-867039268
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5681][opened] Test: sudo rule with runAS set to short-username value

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5681
Author: shridhargadekar
 Title: #5681: Test: sudo rule with runAS set to short-username value
Action: opened

PR body:
"""
In the AD-server, a sudo rule containing sudoRunAs attribute to a 
short-username should not generate error in the sssd log.
https://bugzilla.redhat.com/show_bug.cgi?id=1910131

"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5681/head:pr5681
git checkout pr5681
From 443180e0dfb4f534c6032dd8557e8d887b498a1b Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Fri, 11 Jun 2021 14:25:37 +0530
Subject: [PATCH] Test: sudo rule with runAS set to short-username value

sudo rule containing sudoRunAs attribute to a short-username
should not generate error in the sssd log.
---
 src/tests/multihost/ad/conftest.py  | 19 +-
 src/tests/multihost/ad/test_sudo.py | 56 +
 2 files changed, 74 insertions(+), 1 deletion(-)

diff --git a/src/tests/multihost/ad/conftest.py b/src/tests/multihost/ad/conftest.py
index ce8856e396..d3b67b305e 100644
--- a/src/tests/multihost/ad/conftest.py
+++ b/src/tests/multihost/ad/conftest.py
@@ -481,6 +481,9 @@ def create_ad_sudousers(session_multihost, request):
 ad_group1 = 'sudo_groupx'
 ad.create_ad_nonposix_group(ad_group1)
 ad.add_user_member_of_group(ad_group1, ad_user1)
+ad_user_a = 'sudo_usera'
+ad_group_a = 'sudo_groupa'
+ad.create_ad_unix_user_group(ad_user_a, ad_group_a)
 
 def remove_ad_sudousers():
 """ Remove AD sudo users and groups """
@@ -489,7 +492,8 @@ def remove_ad_sudousers():
 ad_group = 'sudo_idmgroup%d' % idx
 ad.delete_ad_user_group(ad_group)
 ad.delete_ad_user_group(ad_user)
-for object in [ad_group1, ad_group2, ad_user1]:
+usrgrp = [ad_user1, ad_group1, ad_group2, ad_user_a, ad_group_a]
+for object in usrgrp:
 ad.delete_ad_user_group(object)
 request.addfinalizer(remove_ad_sudousers)
 
@@ -546,9 +550,22 @@ def sudorules(session_multihost, request):
 user.encode('utf-8'))]
 (ret, _) = win_ldap.modify_ldap(rule_dn, extra_sudo_user)
 assert ret == 'Success'
+rule1_dn = 'cn=head_rule1,%s' % (sudo_ou)
+sudo_identity = 'sudo_usera'
+sudo_options = ["!requiretty", "!authenticate"]
+win_ldap.add_sudo_rule(rule1_dn, 'ALL', sudo_cmd,
+  sudo_identity, sudo_options)
+user1 = 'sudo_idmuser1'
+extra_sudo_user = [(ldap.MOD_ADD, 'sudoRunAs',
+user1.encode('utf-8'))]
+(ret, _) = win_ldap.modify_ldap(rule1_dn, extra_sudo_user)
+assert ret == 'Success'
+
 
 def delete_sudorule():
 """ Delete sudo rule """
+(ret, _) = win_ldap.del_dn(rule1_dn)
+assert ret == 'Success'
 for item in ['user', 'group']:
 for idx in range(1, 10):
 rule_dn = 'cn=less_%s_rule%d,%s' % (item, idx, sudo_ou)
diff --git a/src/tests/multihost/ad/test_sudo.py b/src/tests/multihost/ad/test_sudo.py
index 26125dbc77..7d090ddc99 100644
--- a/src/tests/multihost/ad/test_sudo.py
+++ b/src/tests/multihost/ad/test_sudo.py
@@ -8,6 +8,7 @@
 import pytest
 import paramiko
 import time
+import re
 from sssd.testlib.common.utils import SSHClient
 from sssd.testlib.common.utils import sssdTools
 
@@ -161,6 +162,61 @@ def test_003_support_non_posix_group_in_sudorule(self, multihost):
 client.sssd_conf(domain_section, params, action='delete')
 assert '/usr/bin/head\n' in result
 
+def test_004_sudorule_with_short_username(self, multihost):
+"""
+:title: sssd should accept a short-username to sudoRunAs option
+:id:61b1abf2-310b-4cdf-8238-b32d235df9a9
+:customerscenario: True
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1910131
+:setup:
+1. Add sudo rules with sudoRunAs attribute value set to short-username
+2. Join a client, without fqdn, to the AD
+3. Set debug level to 2
+
+:steps:
+ 1.Run sudo command as AD-user for whom rule is created
+:expectedResuls:
+1. There should be no error in the sudo or domain log related
+   to 'short-username or non-fqdn username'
+"""
+client = sssdTools(multihost.client[0], multihost.ad[0])
+domain_name = client.get_domain_section_name()
+domain_section = 'domain/%s' % (domain_name)
+params = {
+'debug_level': '2'}
+client.sssd_conf(domain_section, params)
+client.sssd

[SSSD] [sssd PR#5639][+Accepted] TEST: Fixes after running new tests downstream

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5639
Title: #5639: TEST: Fixes after running new tests downstream

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5639][-Waiting for review] TEST: Fixes after running new tests downstream

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5639
Title: #5639: TEST: Fixes after running new tests downstream

Label: -Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5639][comment] TEST: Fixes after running new tests downstream

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5639
Title: #5639: TEST: Fixes after running new tests downstream

shridhargadekar commented:
"""
Look good.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5639#issuecomment-845918847
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5612][-Changes requested] test: minor change in test doc string

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5612
Title: #5612: test: minor change in test doc string

Label: -Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5591][comment] Tests: Regression part of bash to pytest of shadow utils

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5591
Title: #5591: Tests:  Regression part of bash to pytest of shadow utils

shridhargadekar commented:
"""
modified changes look fine.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5591#issuecomment-828347036
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5612][synchronized] test: minor change in test doc string

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5612
Author: shridhargadekar
 Title: #5612: test: minor change in test doc string
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5612/head:pr5612
git checkout pr5612
From 21c91f6d214c8446778c6f6fb220569ed9d1681d Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 27 Apr 2021 22:27:07 +0530
Subject: [PATCH] test: minor change in test doc string

adding test id in the doc string
---
 src/tests/multihost/alltests/test_automount.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 44b9a98b1b..e706537527 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -352,10 +352,10 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 @pytest.mark.tier2
 def test_009_maps_after_coming_online(self, multihost, add_nisobject):
 """
-:title: IDM-SSSD-TC: ldap-Provider Automount: Without eisting cache
-  when sssd comes to online state from offline, autofs maps are fetched
-  without a restart
+:title: fetch autofs map after coming online from offline
+:id: b9da6e0e-3d8b-4465-b435-338708d0d51e
 :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+:customerscenario: True
 
 :setup:
   1. edit sssd.conf and specify autofs_provider = ad
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5612][+Waiting for review] test: minor change in test doc string

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5612
Title: #5612: test: minor change in test doc string

Label: +Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5612][opened] test: minor change in test doc string

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5612
Author: shridhargadekar
 Title: #5612: test: minor change in test doc string
Action: opened

PR body:
"""
adding test id in the doc string
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5612/head:pr5612
git checkout pr5612
From cbea68a39d6fbbd23f68cc99be62bc667d0e0895 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 27 Apr 2021 22:27:07 +0530
Subject: [PATCH] test: minor change in test doc string

adding test id in the doc string
---
 src/tests/multihost/alltests/test_automount.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 44b9a98b1b..51f1846f1c 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -355,6 +355,7 @@ def test_009_maps_after_coming_online(self, multihost, add_nisobject):
 :title: IDM-SSSD-TC: ldap-Provider Automount: Without eisting cache
   when sssd comes to online state from offline, autofs maps are fetched
   without a restart
+:id: 5166e9b8-1ed9-445a-a927-24bc16db6281
 :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1113639
 
 :setup:
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5606][-Waiting for review] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5606
Title: #5606: Tests: alltests: fetch autofs maps after coming online

Label: -Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5478][comment] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5478
Title: #5478: Tests: alltests: fetch autofs maps after coming online

shridhargadekar commented:
"""
new PR is raised
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5478#issuecomment-827062915
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5478][closed] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: closed

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5606][+Tests] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5606
Title: #5606: Tests: alltests: fetch autofs maps after coming online

Label: +Tests
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5606][opened] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5606
Author: shridhargadekar
 Title: #5606: Tests: alltests: fetch autofs maps after coming online
Action: opened

PR body:
"""
SSSD should fetch autofs maps from server when coming online
from offline state, without existing cache.

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.

#Verifies:
Issues: #3413

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1113639
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5606/head:pr5606
git checkout pr5606
From 19f3e3cc26346b60d9db3c859c75bda9d02859dc Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Tue, 27 Apr 2021 00:06:36 +0530
Subject: [PATCH] Tests: alltests: fetch autofs maps after coming online

SSSD should fetch autofs maps from server when coming online
from offline state, without existing cache.
---
 .../multihost/alltests/test_automount.py  | 57 ++
 .../multihost/sssd/testlib/common/utils.py| 76 +++
 2 files changed, 133 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 414c009b9c..5509fecb75 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -348,3 +348,60 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.tier2
+def test_009_maps_after_coming_online(self, multihost, add_nisobject):
+"""
+:title: IDM-SSSD-TC: ldap-Provider Automount: Without eisting cache
+  when sssd comes to online state from offline, autofs maps are fetched
+  without a restart
+:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+
+:setup:
+  1. edit sssd.conf and specify autofs_provider = ad
+  2. restart autofs
+
+:steps:
+  1. firewalld block 389 and 636
+  2. stop sssd, autofs.
+  3. remove sssd cache
+  4. Start sssd
+  5. remove firewall rule
+  6. start autofs
+
+:expectedresults:
+  1. Should succeed
+  2. Should succeed
+  3. Should succeed
+  4. Should succeed
+  5. Should succeed
+  6. Should succeed
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+for service in ['sssd', 'autofs']:
+client.service_ctrl("stop", service)
+client.service_ctrl("start", "firewalld")
+client.firewall_port(636, 'BLOCK')
+client.firewall_port(389, 'BLOCK')
+client.firewall_port('ALL', 'allowall')
+client.clear_sssd_cache()
+time.sleep(5)
+cmdy = 'id foo1@%s' % domain_name
+multihost.client[0].run_command(cmdy, raiseonerr=False)
+cmd = 'sssctl domain-status %s' % domain_name
+cmd1 = multihost.client[0].run_command(cmd, raiseonerr=False)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd1.stdout_text)
+assert result is not None
+cmdz = cmd1.stdout_text
+client.firewall_port(636, 'OPEN')
+client.firewall_port(389, 'OPEN')
+client.firewall_port('ALL', 'delall')
+client.service_ctrl("stop", "firewalld")
+time.sleep(60)
+cmd2 = client.service_ctrl("start", "autofs")
+cmd = 'dnf remove -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+assert cmd2 == 0
diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py
index e9dba35845..a230525a45 100644
--- a/src/tests/multihost/sssd/testlib/common/utils.py
+++ b/src/tests/multihost/sssd/testlib/common/utils.py
@@ -138,6 +138,82 @@ def update_etc_hosts(self, ip_addr, hostname):
 contents = "\n" + hostentry + contents.replace(hostentry, '')
 self.multihost.put_file_contents('/etc/hosts', contents)
 
+def firewall_port(self, port, action):
+""" open or block ports via firewalld
+:param int port_num: port number to open or block
+:param str action: action to perform on port, action could be
+'block', 'open', 'allowall', 'delall'
+:port o

[SSSD] [sssd PR#5606][+Waiting for review] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5606
Title: #5606: Tests: alltests: fetch autofs maps after coming online

Label: +Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5565][+Accepted] Tests: Tests if shadow-utils are immune against bugs in 2006:0032

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5565
Title: #5565: Tests: Tests if shadow-utils are immune against bugs in 2006:0032

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5565][-Waiting for review] Tests: Tests if shadow-utils are immune against bugs in 2006:0032

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5565
Title: #5565: Tests: Tests if shadow-utils are immune against bugs in 2006:0032

Label: -Waiting for review
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5565][comment] Tests: Tests if shadow-utils are immune against bugs in 2006:0032

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5565
Title: #5565: Tests: Tests if shadow-utils are immune against bugs in 2006:0032

shridhargadekar commented:
"""
There are three testcases in original script. Segregate them accordingly. Rest 
lgtm.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5565#issuecomment-816604767
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5565][comment] Tests: Tests if shadow-utils are immune against bugs in 2006:0032

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5565
Title: #5565: Tests: Tests if shadow-utils are immune against bugs in 2006:0032

shridhargadekar commented:
"""
Could you rewrite the 'grep and pipe' part in more pythonic way? 're' module 
could be used for parsing.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5565#issuecomment-815595535
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From f11f3a6a996b9215884911236ae18968f8fbc649 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 70 +++
 1 file changed, 70 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..09afcc98a4 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,73 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1_2
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+:title: fetch autofs map after coming online from offline
+:id: b9da6e0e-3d8b-4465-b435-338708d0d51e
+:bugzilla:
+  https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+:customerscenario: True
+:steps:
+  1. firewall block 389 and 636
+  2. stop sssd, autofs.
+  3. remove sssd cache
+  4. edit and specify autofs_provider
+  5. Start sssd
+  6. remove firewall rule
+  7. start autofs
+:expectedresults:
+  1. port 389 and 636 should not allow any traffic
+  2. sssd and autofs services should stop
+  3. sssd cache should be deleted successfully
+  4. edit should be successfully loaded in sssd.conf
+  5. sssd should come online within 60 seconds
+  6. port 389 and 636 should allow traffic through them
+  7. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+for service in ['sssd', 'autofs']:
+client.service_ctrl("stop", service)
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+client.service_ctrl("start", "firewalld")
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.clear_sssd_cache()
+time.sleep(5)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_command(fw_r1, raiseonerr=True)
+multihost.client[0].run_command(fw_r2, raiseonerr=True)
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.service_ctrl("stop", "firewalld")
+time.sleep(60)
+client.service_ctrl("start", "autofs")
+cmd =

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From f11f3a6a996b9215884911236ae18968f8fbc649 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 70 +++
 1 file changed, 70 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..09afcc98a4 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,73 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1_2
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+:title: fetch autofs map after coming online from offline
+:id: b9da6e0e-3d8b-4465-b435-338708d0d51e
+:bugzilla:
+  https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+:customerscenario: True
+:steps:
+  1. firewall block 389 and 636
+  2. stop sssd, autofs.
+  3. remove sssd cache
+  4. edit and specify autofs_provider
+  5. Start sssd
+  6. remove firewall rule
+  7. start autofs
+:expectedresults:
+  1. port 389 and 636 should not allow any traffic
+  2. sssd and autofs services should stop
+  3. sssd cache should be deleted successfully
+  4. edit should be successfully loaded in sssd.conf
+  5. sssd should come online within 60 seconds
+  6. port 389 and 636 should allow traffic through them
+  7. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+for service in ['sssd', 'autofs']:
+client.service_ctrl("stop", service)
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+client.service_ctrl("start", "firewalld")
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.clear_sssd_cache()
+time.sleep(5)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_command(fw_r1, raiseonerr=True)
+multihost.client[0].run_command(fw_r2, raiseonerr=True)
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.service_ctrl("stop", "firewalld")
+time.sleep(60)
+client.service_ctrl("start", "autofs")
+cmd =

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From 0fde387e5e811d4804e7a74b77feaa14ddedf833 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 69 +++
 1 file changed, 69 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..13fa26f510 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,72 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1_2
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+:title: fetch autofs map after coming online from offline
+:id: b9da6e0e-3d8b-4465-b435-338708d0d51e
+:bugzilla:
+  https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+:steps:
+  1. firewall block 389 and 636
+  2. stop sssd, autofs.
+  3. remove sssd cache
+  4. edit and specify autofs_provider
+  5. Start sssd
+  6. remove firewall rule
+  7. start autofs
+:expectedresults:
+  1. port 389 and 636 should not allow any traffic
+  2. sssd and autofs services should stop
+  3. sssd cache should be deleted successfully
+  4. edit should be successfully loaded in sssd.conf
+  5. sssd should come online within 60 seconds
+  6. port 389 and 636 should allow traffic through them
+  7. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+for service in ['sssd', 'autofs']:
+client.service_ctrl("stop", service)
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+client.service_ctrl("start", "firewalld")
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.clear_sssd_cache()
+time.sleep(5)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_command(fw_r1, raiseonerr=True)
+multihost.client[0].run_command(fw_r2, raiseonerr=True)
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.service_ctrl("stop", "firewalld")
+time.sleep(60)
+client.service_ctrl("start", "autofs")
+cmd = 'dnf remove -y firewalld&#x

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From 7c3f756dff60a3c6c16e27fe23fd4b85c535c66b Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 70 +++
 1 file changed, 70 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..fb85e3ed9c 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,73 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1_2
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+:title: fetch autofs map after coming online from offline
+:id: b9da6e0e-3d8b-4465-b435-338708d0d51e
+:bugzilla:
+  https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+:setup:
+  1. edit sssd.conf and specify autofs_provider
+  2. Install and configure firewall
+:steps:
+  1. firewall block 389 and 636
+  2. stop sssd, autofs.
+  3. remove sssd cache
+  4. Start sssd
+  5. remove firewall rule
+  6. start autofs
+:expectedresults:
+  1. port 389 and 636 should not allow any traffic
+  2. sssd and autofs services should stop
+  3. sssd cache should be deleted successfully
+  4. sssd should come online within 60 seconds
+  5. port 389 and 636 should allow traffic through them
+  6. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+for service in ['sssd', 'autofs']:
+client.service_ctrl("stop", service)
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+client.service_ctrl("start", "firewalld")
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.clear_sssd_cache()
+time.sleep(5)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_command(fw_r1, raiseonerr=True)
+multihost.client[0].run_command(fw_r2, raiseonerr=True)
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.service_ctrl("stop", "firewalld")
+time.sleep(60)
+client.service_ctrl("start", "autofs")
+cmd = 'd

[SSSD] [sssd PR#5527][+Accepted] TEST: missing multihost in service_ctrl

[shridhargadekar]

  URL: https://github.com/SSSD/sssd/pull/5527
Title: #5527: TEST: missing multihost in service_ctrl

Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From 1d36adf38098aed464ea7b7e0dbc4c2ce103c97c Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 71 +++
 1 file changed, 71 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..bdcc156647 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,74 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1_2
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+:title: fetch autofs map after coming online from offline
+:id: b9da6e0e-3d8b-4465-b435-338708d0d51e
+:bugzilla:
+  https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+:setup:
+  1. edit sssd.conf and specify autofs_provider
+  2. Install and configure firewall
+:steps:
+  1. firewall block 389 and 636
+  2. stop sssd, autofs.
+  3. remove sssd cache
+  4. Start sssd
+  5. remove firewall rule
+  6. start autofs
+:expectedresults:
+  1. port 389 and 636 should not allow any traffic
+  2. sssd and autofs services should stop
+  3. sssd cache should be deleted successfully
+  4. sssd should come online within 60 seconds
+  5. port 389 and 636 should allow traffic through them
+  6. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+for service in ['sssd', 'autofs']:
+client.service_ctrl("stop", service)
+client.clear_sssd_cache()
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+client.service_ctrl("start", "firewalld")
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.service_ctrl("start", "sssd")
+time.sleep(5)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_command(fw_r1, raiseonerr=True)
+multihost.client[0].run_command(fw_r2, raiseonerr=True)
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+client.service_ctrl("stop", "firewalld")
+time.sleep(60)
+client.service_ctrl("star

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From 94cedfe143b7665bcb36f158abc75724aa270149 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 79 +++
 1 file changed, 79 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..ff0b0e5ed3 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,82 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+:title: fetch autofs map after coming online from offline
+:id: b9da6e0e-3d8b-4465-b435-338708d0d51e
+:bugzilla:
+  https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+:setup:
+  1. edit sssd.conf and specify autofs_provider
+  2. Install and configure firewall
+:steps:
+  1. firewall block 389 and 636
+  2. stop sssd, autofs.
+  3. remove sssd cache
+  4. Start sssd
+  5. remove firewall rule
+  6. start autofs
+:expectedresults:
+  1. port 389 and 636 should not allow any traffic
+  2. sssd and autofs services should stop
+  3. sssd cache should be deleted successfully
+  4. sssd should come online within 60 seconds
+  5. port 389 and 636 should allow traffic through them
+  6. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+for service in ['sssd', 'autofs']:
+srv = 'systemctl stop %s' % service
+try:
+multihost.client[0].run_command(srv)
+except subprocess.CalledProcessError:
+pytest.fail("Unable to stop %s service" % service)
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+client.clear_sssd_cache()
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+cmd = 'systemctl start firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+cmd = 'systemctl start sssd'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+time.sleep(10)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_comma

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From 501ee173580516013de66e776d2450abb05a7d7a Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 79 +++
 1 file changed, 79 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..17b6fb9676 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,82 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+:title: fetch autofs map after coming online from offline
+:id: b9da6e0e-3d8b-4465-b435-338708d0d51e
+:bugzilla:
+https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+:setup:
+1. edit sssd.conf and specify autofs_provider
+2. Install and configure firewall
+:steps:
+1. firewall block 389 and 636
+2. stop sssd, autofs.
+3. remove sssd cache
+4. Start sssd
+5. remove firewall rule
+6. start autofs
+:expectedresults:
+1. port 389 and 636 should not allow any traffic
+2. sssd and autofs services should stop
+3. sssd cache should be deleted successfully
+4. sssd should come online within 60 seconds
+5. port 389 and 636 should allow traffic through them
+6. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+for service in ['sssd', 'autofs']:
+srv = 'systemctl stop %s' % service
+try:
+multihost.client[0].run_command(srv)
+except subprocess.CalledProcessError:
+pytest.fail("Unable to stop %s service" % service)
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+client.clear_sssd_cache()
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+cmd = 'systemctl start firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+cmd = 'systemctl start sssd'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+time.sleep(10)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_command(fw_r1, raiseonerr=True)

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From f8c75da5f9953f6a8c5e58a4046eb568a65cf702 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 84 +++
 1 file changed, 84 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..5cb3c72280 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,87 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+:title: fetch autofs map after coming online from offline
+
+:id: b9da6e0e-3d8b-4465-b435-338708d0d51e
+
+:bugzilla:
+https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+
+:setup:
+1. edit sssd.conf and specify autofs_provider
+2. Install and configure firewall
+
+:steps:
+1. firewall block 389 and 636
+2. stop sssd, autofs.
+3. remove sssd cache
+4. Start sssd
+5. remove firewall rule
+6. start autofs
+
+:expectedresults:
+1. port 389 and 636 should not allow any traffic
+2. sssd and autofs services should stop
+3. sssd cache should be deleted successfully
+4. sssd should come online within 60 seconds
+5. port 389 and 636 should allow traffic through them
+6. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+for service in ['sssd', 'autofs']:
+srv = 'systemctl stop %s' % service
+try:
+multihost.client[0].run_command(srv)
+except subprocess.CalledProcessError:
+pytest.fail("Unable to stop %s service" % service)
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+client.clear_sssd_cache()
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+cmd = 'systemctl start firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+cmd = 'systemctl start sssd'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+time.sleep(10)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_command(fw_r1, raiseoner

[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online

[shridhargadekar]

   URL: https://github.com/SSSD/sssd/pull/5478
Author: shridhargadekar
 Title: #5478: Tests: alltests: fetch autofs maps after coming online
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5478/head:pr5478
git checkout pr5478
From 3c053ec1da72224c85db8ea71df0ea8fabdd0b13 Mon Sep 17 00:00:00 2001
From: Shridhar Gadekar 
Date: Thu, 28 Jan 2021 19:12:02 +0530
Subject: [PATCH] fetch autofs maps after coming online

SSSD is started in offline mode with no existing
cache. While coming online, SSSD should fetch
autofs maps from server without restarting D service.
---
 .../multihost/alltests/test_automount.py  | 84 +++
 1 file changed, 84 insertions(+)

diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py
index 33ed6b1563..d794f8cd7d 100644
--- a/src/tests/multihost/alltests/test_automount.py
+++ b/src/tests/multihost/alltests/test_automount.py
@@ -342,3 +342,87 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps,
 # delete the pcap file
 del_pcap = 'rm -f %s' % auto_pcapfile
 multihost.client[0].run_command(del_pcap)
+
+@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True)
+@pytest.mark.tier1
+def test_009_fetch_maps_coming_online_from_offline(self, multihost,
+   add_nisobject):
+"""
+@title: fetch autofs map after coming online from offline
+
+@id: b9da6e0e-3d8b-4465-b435-338708d0d51e
+
+@bugzilla:
+https://bugzilla.redhat.com/show_bug.cgi?id=1113639
+
+@setup:
+1. edit sssd.conf and specify autofs_provider
+2. Install and configure firewall
+
+@steps:
+1. firewall block 389 and 636
+2. stop sssd, autofs.
+3. remove sssd cache
+4. Start sssd
+5. remove firewall rule
+6. start autofs
+
+@expectedresults:
+1. port 389 and 636 should not allow any traffic
+2. sssd and autofs services should stop
+3. sssd cache should be deleted successfully
+4. sssd should come online within 60 seconds
+5. port 389 and 636 should allow traffic through them
+6. autofs should start successfully
+"""
+multihost.master[0].run_command(['touch', '/export/nfs-test'])
+for service in ['sssd', 'autofs']:
+srv = 'systemctl stop %s' % service
+try:
+multihost.client[0].run_command(srv)
+except subprocess.CalledProcessError:
+pytest.fail("Unable to stop %s service" % service)
+client = sssdTools(multihost.client[0])
+domain_name = client.get_domain_section_name()
+client.clear_sssd_cache()
+cmd = 'dnf install -y firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+cmd = 'systemctl start firewalld'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\
+  'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_add0, raiseonerr=True)
+multihost.client[0].run_command(fw_add1, raiseonerr=True)
+multihost.client[0].run_command(fw_add2, raiseonerr=True)
+fw_rld = 'firewall-cmd --reload'
+multihost.client[0].run_command(fw_rld, raiseonerr=True)
+cmd = 'systemctl start sssd'
+multihost.client[0].run_command(cmd, raiseonerr=True)
+time.sleep(10)
+cmd = 'sssctl domain-status %s' % domain_name
+multihost.client[0].run_command(cmd, raiseonerr=True)
+find = re.compile(r'Online status: Offline')
+result = find.search(cmd.stdout_text)
+assert result is not None
+fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP'
+fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP'
+fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\
+'filter OUTPUT 2 -j ACCEPT'
+multihost.client[0].run_command(fw_r0, raiseonerr=True)
+multihost.client[0].run_command(fw_r1, raiseoner