[SSSD] [sssd PR#5952][+Tests] Tests: sssctl analyze capture tevent chain ID logic in logs
URL: https://github.com/SSSD/sssd/pull/5952 Title: #5952: Tests: sssctl analyze capture tevent chain ID logic in logs Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5952][opened] Tests: sssctl analyze capture tevent chain ID logic in logs
URL: https://github.com/SSSD/sssd/pull/5952 Author: shridhargadekar Title: #5952: Tests: sssctl analyze capture tevent chain ID logic in logs Action: opened PR body: """ sssctl analyze should capture tevent chain ID in the sssd nss, pam logs, verifies #5863 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5952/head:pr5952 git checkout pr5952 From d4c4efbe35ae3c73c049fa6a7b2d112603a518fb Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 18 Jan 2022 00:04:12 +0530 Subject: [PATCH] Tests: sssctl analyze capture tevent chain ID logic in logs sssctl analyze should capture tevent chain ID in the logs, verifies #5863 --- .../alltests/test_sssctl_analyzer.py | 46 +++ 1 file changed, 46 insertions(+) diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py index 05fdc88bd3..85b9c944be 100644 --- a/src/tests/multihost/alltests/test_sssctl_analyzer.py +++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py @@ -181,3 +181,49 @@ def test_analyzer_pam_logs(self, multihost, backupsssdconf): 'SSS_PAM_ACCT_MGMT', 'SSS_PAM_SETCRED'] for pam_auth in pam_cmds: assert pam_auth in stdout + +def test_analyze_tevent_id(self, multihost, backupsssdconf): +""" +:title: sssctl analyze to parse tevent chain IDs from logs +:id: f748766c-0177-4306-9e7f-816586734e14 +:description: sssctl analyze should able to parse tevent chain + IDs from responder logs +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670 +:steps: +1. Configure sssd to authenticate against directory server +2. Enable debug_level to 9 in the 'nss', 'pam' and domain section +3. Restart SSSD with cleared cache +4. Log in as a user using ssh +5. Confirm tevent chain IDs(RID) is showing in logs +:expectedresults: +1. Should succeed +2. Should succeed +3. Should succeed +4. Should succeed +5. Should succeed +""" +tools = sssdTools(multihost.client[0]) +multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd/') +dm_sec = ['nss', 'pam'] +sssd_params = {'debug_level': '9'} +for sec_op in dm_sec: +tools.sssd_conf(sec_op, sssd_params, action='update') +multihost.client[0].service_sssd('start') +i_cmd = f'id foo1@{ds_instance_name}' +multihost.client[0].run_command(i_cmd, raiseonerr=False) +user = f'foo1@{ds_instance_name}' +client_hostname = multihost.client[0].sys_hostname +client = pexpect_ssh(client_hostname, user, 'Secret123', + debug=False) +try: +client.login() +except SSHLoginException: +pytest.fail(f"{user} failed to login") +else: +client.logout() +_, stdout = analyzer(multihost, 'show 1') +assert 'RID #' in stdout +_, stdout = analyzer(multihost, 'show 1 --pam') +assert 'RID #' in stdout ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5908][comment] Check default debug level of sssd and corresponding logs
URL: https://github.com/SSSD/sssd/pull/5908 Title: #5908: Check default debug level of sssd and corresponding logs shridhargadekar commented: """ @sgoveas Could you implement f-strings instead of currently used string formatting. """ See the full comment at https://github.com/SSSD/sssd/pull/5908#issuecomment-1009636603 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5929][comment] Tests: Add tests for poor man's backtrace
URL: https://github.com/SSSD/sssd/pull/5929 Title: #5929: Tests: Add tests for poor man's backtrace shridhargadekar commented: """ PR looks good from code perspective. Once questions from Alexey are answered, we could merge it. """ See the full comment at https://github.com/SSSD/sssd/pull/5929#issuecomment-1009633768 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5830][+Changes requested] Tests: Port the old ns_account_lock.sh script to pytest
URL: https://github.com/SSSD/sssd/pull/5830 Title: #5830: Tests: Port the old ns_account_lock.sh script to pytest Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5929][comment] Tests: Add tests for poor man's backtrace
URL: https://github.com/SSSD/sssd/pull/5929 Title: #5929: Tests: Add tests for poor man's backtrace shridhargadekar commented: """ Some places in code, are using f-strings and some are not. Like line34,37 and other. Try to implement f-strings through out the MR. """ See the full comment at https://github.com/SSSD/sssd/pull/5929#issuecomment-1006391313 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5930][-Blocked] Tests: Health and Support Analyzer - Add request log parsing utility
URL: https://github.com/SSSD/sssd/pull/5930 Title: #5930: Tests: Health and Support Analyzer - Add request log parsing utility Label: -Blocked ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5930][comment] Tests: Health and Support Analyzer - Add request log parsing utility
URL: https://github.com/SSSD/sssd/pull/5930 Title: #5930: Tests: Health and Support Analyzer - Add request log parsing utility shridhargadekar commented: """ > Hi Shridhar, > > #5863 changed how the chain ID is logged in responders, and also changed the > analyzer log parsing to cope with this. I haven't checked but it may require > these analyzer tests to be updated. > > If you have any questions feel free to ping me. @justin-stephenson , I checked the PR against latest package version, and this PR executes the tests correctly. From latest changes in sssd version, above tests do not need any changes. However More tests could be added. """ See the full comment at https://github.com/SSSD/sssd/pull/5930#issuecomment-1006003668 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5930][comment] Tests: Health and Support Analyzer - Add request log parsing utility
URL: https://github.com/SSSD/sssd/pull/5930 Title: #5930: Tests: Health and Support Analyzer - Add request log parsing utility shridhargadekar commented: """ > Hi Shridhar, > > #5863 changed how the chain ID is logged in responders, and also changed the > analyzer log parsing to cope with this. I haven't checked but it may require > these analyzer tests to be updated. > > If you have any questions feel free to ping me. I checked the PR against latest package version, and this PR executes the tests correctly. From latest changes in sssd version, above tests do not need any changes. However More tests could be added. """ See the full comment at https://github.com/SSSD/sssd/pull/5930#issuecomment-1006003668 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5925][+Changes requested] TEST: Current value of ssh_hash_known_hosts causes error in the default configuration in FIPS mode
URL: https://github.com/SSSD/sssd/pull/5925 Title: #5925: TEST: Current value of ssh_hash_known_hosts causes error in the default configuration in FIPS mode Label: +Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5925][-Accepted] TEST: Current value of ssh_hash_known_hosts causes error in the default configuration in FIPS mode
URL: https://github.com/SSSD/sssd/pull/5925 Title: #5925: TEST: Current value of ssh_hash_known_hosts causes error in the default configuration in FIPS mode Label: -Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5930][synchronized] Tests: Health and Support Analyzer - Add request log parsing utility
URL: https://github.com/SSSD/sssd/pull/5930 Author: shridhargadekar Title: #5930: Tests: Health and Support Analyzer - Add request log parsing utility Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5930/head:pr5930 git checkout pr5930 From fe5bfbe551e570875afb88f6fd1dc72b2b8857de Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 21 Dec 2021 00:35:14 +0530 Subject: [PATCH] Tests: Health and Support Analyzer - Add request log parsing utility Verifies: #5712 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670 --- .../alltests/test_sssctl_analyzer.py | 183 ++ 1 file changed, 183 insertions(+) create mode 100644 src/tests/multihost/alltests/test_sssctl_analyzer.py diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py new file mode 100644 index 00..b4a99b40f6 --- /dev/null +++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py @@ -0,0 +1,183 @@ +"""Automation tests for sssctl analyzer +:requirement: sssctl analyzer +:casecomponent: sssd +:subsystemteam: sst_idm_sssd +:upstream: yes +""" +import pytest +from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.exceptions import SSHLoginException +from constants import ds_instance_name + + +def analyzer(multihost, req_arg, arg=None): +""" +Execute sssctl analyze command with given action and options +and return the exit status as well as command output +:param str req_arg: command action to perform, values could be +'list' or 'show' or 'show ' +: param str arg: optional argument string. values could be +'--source ' or '--logdir ' or '--help' +""" +if arg is None: +arg = '' +cmd1 = f'sssctl analyze {arg} request {req_arg}' +cmd = multihost.client[0].run_command(cmd1, raiseonerr=False) +return cmd.returncode, cmd.stdout_text + + +@pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') +@pytest.mark.analyzer +@pytest.mark.tier1_2 +class TestSssctlAnalyzer(object): +""" sssctl analyze test suite """ +def test_analyzer_list(self, multihost, backupsssdconf): +""" +:title: sssctl analyzer list to show captured nss related + requests from sssd log +:id: 95e18ae1-6c4a-4baa-8202-fe33fe82bdec +:description: sssctl analyzer request list is able to capture the user + and group related requests raised when commands like id and getent + are executed +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670 +:steps: +1. Configure sssd to authenticate against directory server +2. Enable debug_level to 9 in the 'nss', 'pam' and domain section +3. Restart SSSD with cleared cache +4. Fetch user and group information using 'id' and 'getent' tools +5. Run 'sssctl analyzer request list' +6. Check with sssctl analyzer is listing id and getent instances +7. sssctl analyzer with subcmd 'show' and request number is listing + logs related to that number only +:expectedresults: +1. Should succeed +2. Should succeed +3. Should succeed +4. Should succeed +5. Should succeed +6. Should succeed +7. Should succeed +""" +tools = sssdTools(multihost.client[0]) +sec = ['nss', 'pam'] +sssd_params = {'debug_level': '9'} +for sec_op in sec: +tools.sssd_conf(sec_op, sssd_params, action='update') +multihost.client[0].service_sssd('start') +tools.clear_sssd_cache() +cmd = f'getent group ldapusers@{ds_instance_name}' +multihost.client[0].run_command(cmd, raiseonerr=False) +cmd = f'id foo1@{ds_instance_name}' +multihost.client[0].run_command(cmd, raiseonerr=False) +for act_op in ['list', 'list -v']: +_, stdout = analyzer(multihost, act_op) +assert all(ptn in stdout for ptn in ['id', 'getent']) +tools.clear_sssd_cache() +cmd = f'getent passwd foo1@{ds_instance_name}' +multihost.client[0].run_command(cmd, raiseonerr=False) +for act_op in ['list', 'list -v']: +_, stdout = analyzer(multihost, act_op) +assert all(ptn in stdout for ptn in ['CID #1', 'getent']) + +def test_analyzer_diff_log_location(self, multihost
[SSSD] [sssd PR#5930][+Tests] Tests: Health and Support Analyzer - Add request log parsing utility
URL: https://github.com/SSSD/sssd/pull/5930 Title: #5930: Tests: Health and Support Analyzer - Add request log parsing utility Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5930][opened] Tests: Health and Support Analyzer - Add request log parsing utility
URL: https://github.com/SSSD/sssd/pull/5930 Author: shridhargadekar Title: #5930: Tests: Health and Support Analyzer - Add request log parsing utility Action: opened PR body: """ Tests for Health and Support Analyzer - Add request log parsing utility Verifies: #5712 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5930/head:pr5930 git checkout pr5930 From 61eed761a165af9df2d4c09509539861a9d2937c Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 21 Dec 2021 00:35:14 +0530 Subject: [PATCH] Tests: Health and Support Analyzer - Add request log parsing utility Verifies: #5712 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670 --- .../alltests/test_sssctl_analyzer.py | 175 ++ 1 file changed, 175 insertions(+) create mode 100644 src/tests/multihost/alltests/test_sssctl_analyzer.py diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py new file mode 100644 index 00..eac79bbb88 --- /dev/null +++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py @@ -0,0 +1,175 @@ +"""Automation tests for sssctl analyzer +:requirement: sssctl analyzer +:casecomponent: sssd +:subsystemteam: sst_idm_sssd +:upstream: yes +""" +import pytest +from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.exceptions import SSHLoginException +from constants import ds_instance_name + + +def analyzer(multihost, req_arg, arg=None): +if arg is None: +arg = '' +cmd1 = f'sssctl analyze {arg} request {req_arg}' +cmd = multihost.client[0].run_command(cmd1, raiseonerr=False) +return cmd.returncode, cmd.stdout_text + + +@pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') +@pytest.mark.analyzer +@pytest.mark.tier1_2 +class TestSssctlAnalyzer(object): +""" sssctl analyze test suite """ +def test_analyzer_list(self, multihost, backupsssdconf): +""" +:title: sssctl analyzer list to show captured nss related + requests from sssd log +:id: 95e18ae1-6c4a-4baa-8202-fe33fe82bdec +:description: sssctl analyzer request list is able to capture the user + and group related requests raised when commands like id and getent + are executed +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1294670 +:steps: +1. Configure sssd to authenticate against directory server +2. Enable debug_level to 9 in the 'nss', 'pam' and domain section +3. Restart SSSD with cleared cache +4. Fetch user and group information using 'id' and 'getent' tools +5. Run 'sssctl analyzer request list' +6. Check with sssctl analyzer is listing id and getent instances +7. sssctl analyzer with subcmd 'show' and request number is listing + logs related to that number only +:expectedresults: +1. Should succeed +2. Should succeed +3. Should succeed +4. Should succeed +5. Should succeed +6. Should succeed +7. Should succeed +""" +tools = sssdTools(multihost.client[0]) +sec = ['nss', 'pam'] +sssd_params = {'debug_level': '9'} +for section in sec: +tools.sssd_conf(section, sssd_params, action='update') +multihost.client[0].service_sssd('start') +tools.clear_sssd_cache() +cmd = f'getent group ldapusers@{ds_instance_name}' +multihost.client[0].run_command(cmd, raiseonerr=False) +cmd = f'id foo1@{ds_instance_name}' +multihost.client[0].run_command(cmd, raiseonerr=False) +for op in ['list', 'list -v']: +_, stdout = analyzer(multihost, op) +assert all(ptn in stdout for ptn in ['id', 'getent']) +tools.clear_sssd_cache() +cmd = f'getent passwd foo1@{ds_instance_name}' +multihost.client[0].run_command(cmd, raiseonerr=False) +for op in ['list', 'list -v']: +_, stdout = analyzer(multihost, op) +assert all(ptn in stdout for ptn in ['CID #1', 'getent']) + +def test_analyzer_diff_log_location(self, multihost, backupsssdconf): +""" +:title: sssctl analyzer able to parse sssd logs from non-default + location +:description: sssctl analyzer should be able to parse the sssd logs + from different location or logs from other hos
[SSSD] [sssd PR#5887][-Changes requested] Tests: proxy provider, user's removed secondary group remains in sssd cache
URL: https://github.com/SSSD/sssd/pull/5887 Title: #5887: Tests: proxy provider, user's removed secondary group remains in sssd cache Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5887][synchronized] Tests: proxy provider, user's removed secondary group remains in sssd cache
URL: https://github.com/SSSD/sssd/pull/5887 Author: shridhargadekar Title: #5887: Tests: proxy provider, user's removed secondary group remains in sssd cache Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5887/head:pr5887 git checkout pr5887 From aebefbee291a6f5e78476a7185a7691130745f9b Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 23 Nov 2021 20:26:57 +0530 Subject: [PATCH] Tests: Removed secondary group shown in cache Verifies: #5783 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970 --- src/tests/multihost/alltests/test_proxy.py | 59 ++ 1 file changed, 59 insertions(+) diff --git a/src/tests/multihost/alltests/test_proxy.py b/src/tests/multihost/alltests/test_proxy.py index 038f4e8b11..bdf502c0b0 100644 --- a/src/tests/multihost/alltests/test_proxy.py +++ b/src/tests/multihost/alltests/test_proxy.py @@ -80,6 +80,65 @@ def test_0001_1724717(self, multihost): multihost.client[0].run_command(del_user) multihost.client[0].run_command(restore) +def test_0003_update_removed_grp_membership(self, multihost, +backupsssdconf): +""" +:title: proxy: secondary group is shown in sssd cache after + group is removed +:id: 7cfb9aa9-6e68-4914-afb8-ecfae132aa84 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1917970 +:customerscenario: true +:steps: + 1. Edit sssd.conf and configure proxy provider with + entry_cache_timeout = 1 + 2. Restart SSSD with cleared cache + 3. Create a localuser and localgroup + 4. Add that localuser to the localgroup + 5. Assert localgroup is shown in localuser's group list + 6. Remove localuser from localgroup + 7. Assert that after entry_cache_timeout, localuser's groups + are not listing localgroup +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed + 6. Should succeed + 7. Should succeed +""" +tools = sssdTools(multihost.client[0]) +domain_name = tools.get_domain_section_name() +l_usr, l_grp = 'testuser', 'testgroup' +multihost.client[0].run_command(f'useradd {l_usr}') +multihost.client[0].run_command(f'groupadd {l_grp}') +multihost.client[0].run_command(f'usermod -aG {l_grp} {l_usr}') +domain_params = {'id_provider': 'proxy', + 'proxy_lib_name': 'files', + 'auth_provider': 'krb5', + 'ignore_group_members': 'False', + 'cache_credentials': 'True', + 'entry_cache_timeout': '1', + 'krb5_validate': 'True'} +tools.sssd_conf('domain/%s' % domain_name, domain_params) +del_domain_params = {'ldap_uri': 'ldaps:%s' % + (multihost.master[0].run_command), + 'ldap_tls_cacert': + '/etc/openldap/cacerts/cacert.pem', + 'ldap_search_base': ds_suffix, + 'use_fully_qualified_names': 'True'} +tools.sssd_conf('domain/%s' % domain_name, +del_domain_params, action='delete') +tools.clear_sssd_cache() +cmd = multihost.client[0].run_command(f'groups {l_usr}') +assert 'testgroup' in cmd.stdout_text +multihost.client[0].run_command(f'gpasswd -d {l_usr} {l_grp}') +time.sleep(1) +cmd = multihost.client[0].run_command(f'groups {l_usr}') +multihost.client[0].run_command(f'userdel -rf {l_usr}') +multihost.client[0].run_command(f'groupdel -f {l_grp}') +assert 'testgroup' not in cmd.stdout_text + def test_innetgr_threads(self, multihost, backupsssdconf): """ :title: Verify sssd is thread-safe in innetgr ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5887][opened] Tests: proxy provider, user's removed secondary group remains in sssd cache
URL: https://github.com/SSSD/sssd/pull/5887 Author: shridhargadekar Title: #5887: Tests: proxy provider, user's removed secondary group remains in sssd cache Action: opened PR body: """ Verifies: #5783 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5887/head:pr5887 git checkout pr5887 From 40c698fa67b37e258529f9961b895edd97447bab Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 23 Nov 2021 20:26:57 +0530 Subject: [PATCH] Tests: Removed secondary group shown in cache Verifies: #5783 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970 --- src/tests/multihost/alltests/test_proxy.py | 61 ++ 1 file changed, 61 insertions(+) diff --git a/src/tests/multihost/alltests/test_proxy.py b/src/tests/multihost/alltests/test_proxy.py index 038f4e8b11..847678b520 100644 --- a/src/tests/multihost/alltests/test_proxy.py +++ b/src/tests/multihost/alltests/test_proxy.py @@ -80,6 +80,67 @@ def test_0001_1724717(self, multihost): multihost.client[0].run_command(del_user) multihost.client[0].run_command(restore) +def test_0003_update_removed_grp_membership(self, multihost, +backupsssdconf): +""" +:title: proxy: secondary group is shown in sssd cache after + group is removed +:id: 7cfb9aa9-6e68-4914-afb8-ecfae132aa84 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1917970 +:customerscenario: true +:steps: + 1. Edit sssd.conf and configure proxy provider with + entry_cache_timeout = 1 + 2. Restart SSSD with cleared cache + 3. Create a localuser and localgroup + 4. Add that localuser to the localgroup + 5. Assert localgroup is shown in localuser's group list + 6. Remove localuser from localgroup + 7. Assert that after entry_cache_timeout, localuser's groups + are not listing localgroup +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed + 6. Should succeed + 7. Should succeed +""" +tools = sssdTools(multihost.client[0]) +domain_name = tools.get_domain_section_name() +multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db') +l_usr, l_grp = 'testuser', 'testgroup' +multihost.client[0].run_command(f'useradd {l_usr}') +multihost.client[0].run_command(f'groupadd {l_grp}') +multihost.client[0].run_command(f'usermod -aG {l_grp} {l_usr}') +domain_params = {'id_provider': 'proxy', + 'proxy_lib_name': 'files', + 'auth_provider': 'krb5', + 'ignore_group_members': 'False', + 'cache_credentials': 'True', + 'entry_cache_timeout': '1', + 'krb5_validate': 'True'} +tools.sssd_conf('domain/%s' % domain_name, domain_params) +del_domain_params = {'ldap_uri': 'ldaps:%s' % + (multihost.master[0].run_command), + 'ldap_tls_cacert': + '/etc/openldap/cacerts/cacert.pem', + 'ldap_search_base': ds_suffix, + 'use_fully_qualified_names': 'True'} +tools.sssd_conf('domain/%s' % domain_name, +del_domain_params, action='delete') +multihost.client[0].service_sssd('start') +cmd = multihost.client[0].run_command(f'groups {l_usr}') +assert 'testgroup' in cmd.stdout_text +multihost.client[0].run_command(f'gpasswd -d {l_usr} {l_grp}') +time.sleep(1) +cmd = multihost.client[0].run_command(f'groups {l_usr}') +multihost.client[0].run_command(f'userdel -rf {l_usr}') +multihost.client[0].run_command(f'groupdel -f {l_grp}') +assert 'testgroup' not in cmd.stdout_text + def test_innetgr_threads(self, multihost, backupsssdconf): """ :title: Verify sssd is thread-safe in innetgr ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5884][edited] Tests: autofs lookups for unknown mounts are delayed for 50s
URL: https://github.com/SSSD/sssd/pull/5884 Author: shridhargadekar Title: #5884: Tests: autofs lookups for unknown mounts are delayed for 50s Action: edited Changed field: body Original value: """ Verifies: #5832 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2013218 """ Changed field: title Original value: """ S4042 """ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5884][opened] S4042
URL: https://github.com/SSSD/sssd/pull/5884 Author: shridhargadekar Title: #5884: S4042 Action: opened PR body: """ Verifies: #5832 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2013218 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5884/head:pr5884 git checkout pr5884 From 7b43db027a7b371665851c8d8765d5debcb33e4b Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Sat, 20 Nov 2021 03:02:39 +0530 Subject: [PATCH 1/3] Tests: autofs lookups for unknown mounts are delayed for 50s Verifies: #5832 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2013218 --- .../multihost/alltests/test_automount.py | 41 +++ 1 file changed, 41 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 4607f14863..173422e900 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -510,3 +510,44 @@ def test_009_maps_after_coming_online(self, multihost, add_nisobject): cmd = 'dnf remove -y firewalld' multihost.client[0].run_command(cmd, raiseonerr=True) assert cmd2 == 0 + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1 +def test_010_delay_in_unknown_mnt_pt_lookup_error(self, multihost, + add_nisobject): +""" +:title: IDM-SSSD-TC: LDAP-Provider: Automount: autofs lookups for + unknown mounts are delayed for 50s +:id: 3dd2b183-3511-460c-aed2-b5fca08879d9 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2013218 +:customerscenario: True +:steps: + 1. Edit sssd.conf and specify autofs_provider = ldap and restart + autofs + 2. Access /export share + 3. Access Non-existen mount point +:expectedresults: + 1. Should succeed + 2. /export share should be mounted successfully + 3. Error for Non-existent share should appear immediately +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +for service in ['sssd', 'autofs']: +srv = 'systemctl restart %s' % service +try: +multihost.client[0].run_command(srv) +except subprocess.CalledProcessError: +pytest.fail("Unable to start %s service" % service) +time.sleep(5) +try: +multihost.client[0].run_command(['automount', '-m']) +except subprocess.CalledProcessError: +pytest.fail("automount -m command failed") +nfs_test = 'stat /export/nfs-test' +cmd = multihost.client[0].run_command(nfs_test, raiseonerr=False) +assert cmd.returncode == 0 +nfs_test = 'time stat /export/non_existing_nfs' +tm1 = time.time() +cmd = multihost.client[0].run_command(nfs_test, raiseonerr=False) +tm2 = time.time() +assert cmd.returncode != 0 and tm2 - tm1 <= 4 From 76df5f8fced098157d6ba5ee5eaffa709bdc417c Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Sat, 20 Nov 2021 03:14:49 +0530 Subject: [PATCH 2/3] removed the testcase --- .../multihost/alltests/test_automount.py | 41 --- 1 file changed, 41 deletions(-) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 173422e900..4607f14863 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -510,44 +510,3 @@ def test_009_maps_after_coming_online(self, multihost, add_nisobject): cmd = 'dnf remove -y firewalld' multihost.client[0].run_command(cmd, raiseonerr=True) assert cmd2 == 0 - -@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) -@pytest.mark.tier1 -def test_010_delay_in_unknown_mnt_pt_lookup_error(self, multihost, - add_nisobject): -""" -:title: IDM-SSSD-TC: LDAP-Provider: Automount: autofs lookups for - unknown mounts are delayed for 50s -:id: 3dd2b183-3511-460c-aed2-b5fca08879d9 -:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2013218 -:customerscenario: True -:steps: - 1. Edit sssd.conf and specify autofs_provider = ldap and restart - autofs - 2. Access /export share - 3. Access Non-existen mount point -:expectedresults: - 1. Should succeed - 2. /export share should be mounted successfully - 3. Erro
[SSSD] [sssd PR#5884][+Tests] S4042
URL: https://github.com/SSSD/sssd/pull/5884 Title: #5884: S4042 Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5843][comment] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815
URL: https://github.com/SSSD/sssd/pull/5843 Title: #5843: Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815 shridhargadekar commented: """ Passed testruns https://gitlab.cee.redhat.com/sssd/sssd-qe/-/jobs/4851132 https://gitlab.cee.redhat.com/sssd/sssd-qe/-/merge_requests/1387 """ See the full comment at https://github.com/SSSD/sssd/pull/5843#issuecomment-952938214 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5843][+Tests] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815
URL: https://github.com/SSSD/sssd/pull/5843 Title: #5843: Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815 Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5843][opened] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815
URL: https://github.com/SSSD/sssd/pull/5843 Author: shridhargadekar Title: #5843: Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815 Action: opened PR body: """ Verifies: #5568 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5843/head:pr5843 git checkout pr5843 From 2f7a7102a9b0325da96931f8722f577ae74284a0 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 27 Oct 2021 13:31:13 +0530 Subject: [PATCH] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815 Verifies: #5568 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657 --- src/tests/multihost/ipa/test_adtrust.py | 86 + 1 file changed, 86 insertions(+) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index b3dae24700..64ff28aa3c 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -9,7 +9,9 @@ import re import time import pytest +import paramiko from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.utils import SSHClient @pytest.mark.usefixtures('setup_ipa_client') @@ -27,6 +29,90 @@ def test_basic_sssctl_list(self, multihost): mylist = cmd.stdout_text.split() assert ad_domain_name in mylist +def test_pam_sss_gss_handle_large_krb_ticket(self, multihost, + create_aduser_group): +""" +:title: Verify pam_sss_gss.so can handle large kerberos ticket +for sudo +:id: 456ea53b-6702-4b8e-beb1-eee841b85fed +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1948657 +:steps: + 1. Add sudo rule in IPA-server for AD-users + 2. Modify /etc/krb5.conf.d/kcm_default_ccache to specify location +of storing a TGT + 3. Enable pam_sss_gss.so for auth in /etc/pam.d/{sudo,sudo-i} files + 4. Add a sudo rule for AD-user + 5. Log in on ipa-client as AD-user + 6. Run kinit and fetch tgt + 7. Run sudo command + 8. Remove sudo cache + 9. Run sudo command again +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed + 6. Should succeed + 7. Should not ask password, and should succeed + 8. Should succeed + 9. Should not ask password, and should succeed + +""" +(aduser, adgroup) = create_aduser_group +ad_dmn_name = multihost.ad[0].domainname +fq_aduser = f'{aduser}@{ad_dmn_name}' +client = sssdTools(multihost.client[0], multihost.ad[0]) +ipaserver = sssdTools(multihost.master[0]) +cmd = 'dnf install -y sssd sssd-kcm' +multihost.client[0].run_command(cmd, raiseonerr=False) +domain_name = ipaserver.get_domain_section_name() +domain_section = 'domain/{}'.format(domain_name) +params = {'pam_gssapi_services': 'sudo, sudo-i'} +client.sssd_conf(domain_section, params) +krbkcm = '/etc/krb5.conf.d/kcm_default_ccache' +bk_krbkcm = '/tmp/kcm_default_ccache' +multihost.client[0].run_command(f'cp {krbkcm} {bk_krbkcm}') +cmd = "echo -e '[libdefaults]\n' \ + 'default_ccache_name = FILE:/tmp/krb5cc_%{uid}:'" +multihost.client[0].run_command(cmd, raiseonerr=False) +multihost.client[0].service_sssd('restart') +pam_sss_gss = "auth sufficient pam_sss_gss.so debug" +for pam_file in "/etc/pam.d/sudo-i", "/etc/pam.d/sudo": +cmd = f'sed -i "1 i {pam_sss_gss}" {pam_file}' +multihost.client[0].run_command(cmd, raiseonerr=False) +cmd = f'echo "{fq_aduser} ALL=(ALL) ALL" >> /etc/sudoers' +multihost.client[0].run_command(cmd, raiseonerr=False) +log = re.compile(f'.*System.*error.*Broken.*pipe.*') +try: +ssh = SSHClient(multihost.client[0].ip, +username=f'{fq_aduser}', +password='Secret123') +except paramiko.ssh_exception.AuthenticationException: +pytest.fail(f'{aduser} failed to login') +else: +(_, _, exit_status) = ssh.execute_cmd(f'kinit {fq_aduser}', + stdin='Secret123') +assert exit_status == 0 +(stdout, _, exit_status) = ssh.execute_cmd('sudo -l') +assert exit_status == 0 +
[SSSD] [sssd PR#5813][closed] Tests: files provider automation
URL: https://github.com/SSSD/sssd/pull/5813 Author: shridhargadekar Title: #5813: Tests: files provider automation Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5813/head:pr5813 git checkout pr5813 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5817][closed] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815
URL: https://github.com/SSSD/sssd/pull/5817 Author: shridhargadekar Title: #5817: Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815 Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5817/head:pr5817 git checkout pr5817 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5817][+Tests] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815
URL: https://github.com/SSSD/sssd/pull/5817 Title: #5817: Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815 Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5817][opened] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815
URL: https://github.com/SSSD/sssd/pull/5817 Author: shridhargadekar Title: #5817: Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815 Action: opened PR body: """ Verifies: #5568 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5817/head:pr5817 git checkout pr5817 From 119794f2ef5492dcaa82c3ecd004416c0ee26b04 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 6 Oct 2021 18:49:05 +0530 Subject: [PATCH] Tests: pam_sss_gss.so doesn't work with large kerberos tickets #5815 Verifies: #5568 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657 --- src/tests/multihost/ipa/test_adtrust.py | 76 + 1 file changed, 76 insertions(+) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index b3dae24700..d5f039b0f6 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -292,3 +292,79 @@ def test_nss_get_by_name_with_private_group(self, multihost): assert cmd_adm.returncode == 0, 'Something wrong with setup!' assert cmd_usr.returncode == 0, \ f"pysss_nss_idmap.getsidbyname for {username} failed" + +def test_sudo_kerberos_ticket(self, multihost, create_aduser_group): +""" +:title: Verify pam_sss_gss.so can handle large kerberos ticket +for sudo +:id: 456ea53b-6702-4b8e-beb1-eee841b85fed +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1948657 +:steps: + 1. Add sudo rule in IPA-server for AD-users + 2. Modify /etc/krb5.conf.d/kcm_default_ccache to specify location +of storing a TGT + 3. Enable pam_sss_gss.so for auth in /etc/pam.d/{sudo,sudo-i} files + 4. Add a sudo rule for AD-user + 5. Log in on ipa-client as AD-user + 6. Run kinit and fetch tgt + 7. Run sudo command + 8. Remove sudo cache + 9. Run sudo command again + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed + 6. Should succeed + 7. Should not ask password, and should succeed + 8. Should succeed + 9. Should not ask password, and should succeed +""" +(aduser, adgroup) = create_aduser_group +client = sssdTools(multihost.client[0], multihost.ad[0]) +ipaserver = sssdTools(multihost.master[0]) +cmd = 'dnf install -y sssd sssd-kcm' +multihost.client[0].run_command(cmd, raiseonerr=False) +domain_name = ipaserver.get_domain_section_name() +domain_section = 'domain/{}'.format(domain_name) +params = {'pam_gssapi_services': 'sudo, sudo-i'} +client.sssd_conf(domain_section, params) +krbkcm = '/etc/krb5.conf.d/kcm_default_ccache' +bk_krbkcm = '/tmp/kcm_default_ccache' +src = 'KCM:' +dest = 'FILE:/tmp/krb5cc_%{uid}' +multihost.client[0].run_command(f'cp {krbkcm} {bk_krbkcm}') +cmd = "echo -e '[libdefaults]\n' \ + 'default_ccache_name = FILE:/tmp/krb5cc_%{uid}:'" +multihost.client[0].run_command(cmd, raiseonerr=False) +multihost.client[0].service_sssd('restart') +pam_sss_gss = "auth sufficient pam_sss_gss.so debug" +for pam_file in "/etc/pam.d/sudo-i", "/etc/pam.d/sudo": +cmd = f'sed -i "1 i\{pam_sss_gss}" {pam_file}' +multihost.client[0].run_command(cmd, raiseonerr=False) +cmd = f'echo "{aduser} ALL=(ALL) ALL" >> /etc/sudoers' +multihost.client[0].run_command(cmd, raiseonerr=False) +try: +ssh = SSHClient(multihost.client[0].sys_hostname, +username=aduser, password='Secret123') + +except paramiko.ssh_exception.AuthenticationException: +pytest.fail(f'{aduser} failed to login') +else: +(_, _, exit_status) = ssh.execute_cmd(f'kinit {aduser}', + stdin='Secret123') +assert exit_status == 0 +(stdout, _, exit_status) = ssh.execute_cmd('sudo id') +assert 'uid=0(root)' in stdout.readlines() +(stdout, _, exit_status) = ssh.execute_cmd('sudo -k') +(stdout, _, exit_status) = ssh.execute_cmd('sudo -l') +assert '(ALL) ALL' in stdout.readlines() +client.sssd_conf(domain_section, params, act
[SSSD] [sssd PR#5815][closed] Tests: pam_sss_gss.so doesn't work with large kerberos tickets
URL: https://github.com/SSSD/sssd/pull/5815 Author: shridhargadekar Title: #5815: Tests: pam_sss_gss.so doesn't work with large kerberos tickets Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5815/head:pr5815 git checkout pr5815 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5815][opened] Tests: pam_sss_gss.so doesn't work with large kerberos tickets
URL: https://github.com/SSSD/sssd/pull/5815 Author: shridhargadekar Title: #5815: Tests: pam_sss_gss.so doesn't work with large kerberos tickets Action: opened PR body: """ Verifies: #5568 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5815/head:pr5815 git checkout pr5815 From 51cd0a66a207603d70e5d754d4c1e80a62894bb3 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 6 Oct 2021 18:42:03 +0530 Subject: [PATCH] Tests: pam_sss_gss.so doesn't work with large kerberos tickets Verifies: #5568 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1948657 --- src/tests/multihost/ipa/test_adtrust.py | 78 + 1 file changed, 78 insertions(+) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index 061199b466..2ca5e0fae4 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -104,3 +104,81 @@ def test_honour_idoverride(self, multihost, create_aduser_group): multihost.master[0].run_command(delete_id_view) ipa_client.clear_sssd_cache() assert count == 0 + + +def test_sudo_kerberos_ticket(self, multihost, create_aduser_group): +""" +:title: Verify pam_sss_gss.so can handle large kerberos ticket +for sudo +:id: 456ea53b-6702-4b8e-beb1-eee841b85fed +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1948657 +:steps: + 1. Add sudo rule in IPA-server for AD-users + 2. Modify /etc/krb5.conf.d/kcm_default_ccache to specify location +of storing a TGT + 3. Enable pam_sss_gss.so for auth in /etc/pam.d/{sudo,sudo-i} files + 4. Add a sudo rule for AD-user + 5. Log in on ipa-client as AD-user + 6. Run kinit and fetch tgt + 7. Run sudo command + 8. Remove sudo cache + 9. Run sudo command again + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed + 6. Should succeed + 7. Should not ask password, and should succeed + 8. Should succeed + 9. Should not ask password, and should succeed + +""" +(aduser, adgroup) = create_aduser_group +client = sssdTools(multihost.client[0], multihost.ad[0]) +ipaserver = sssdTools(multihost.master[0]) +cmd = 'dnf install -y sssd sssd-kcm' +multihost.client[0].run_command(cmd, raiseonerr=False) +domain_name = ipaserver.get_domain_section_name() +domain_section = 'domain/{}'.format(domain_name) +params = {'pam_gssapi_services': 'sudo, sudo-i'} +client.sssd_conf(domain_section, params) +krbkcm = '/etc/krb5.conf.d/kcm_default_ccache' +bk_krbkcm = '/tmp/kcm_default_ccache' +src = 'KCM:' +dest = 'FILE:/tmp/krb5cc_%{uid}' +multihost.client[0].run_command(f'cp {krbkcm} {bk_krbkcm}') +cmd = "echo -e '[libdefaults]\n' \ + 'default_ccache_name = FILE:/tmp/krb5cc_%{uid}:'" +multihost.client[0].run_command(cmd, raiseonerr=False) +multihost.client[0].service_sssd('restart') +pam_sss_gss = "auth sufficient pam_sss_gss.so debug" +for pam_file in "/etc/pam.d/sudo-i", "/etc/pam.d/sudo": +cmd = f'sed -i "1 i\{pam_sss_gss}" {pam_file}' +multihost.client[0].run_command(cmd, raiseonerr=False) +cmd = f'echo "{aduser} ALL=(ALL) ALL" >> /etc/sudoers' +multihost.client[0].run_command(cmd, raiseonerr=False) +try: +ssh = SSHClient(multihost.client[0].sys_hostname, +username=aduser, password='Secret123') + +except paramiko.ssh_exception.AuthenticationException: +pytest.fail(f'{aduser} failed to login') +else: +(_, _, exit_status) = ssh.execute_cmd(f'kinit {aduser}', + stdin='Secret123') +assert exit_status == 0 +(stdout, _, exit_status) = ssh.execute_cmd('sudo id') +assert 'uid=0(root)' in stdout.readlines() +(stdout, _, exit_status) = ssh.execute_cmd('sudo -k') +(stdout, _, exit_status) = ssh.execute_cmd('sudo -l') +assert '(ALL) ALL' in stdout.readlines() +client.sssd_conf(domain_section, params, action='delete') +for p
[SSSD] [sssd PR#5813][+Tests] Tests: files provider automation
URL: https://github.com/SSSD/sssd/pull/5813 Title: #5813: Tests: files provider automation Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5813][synchronized] Tests: files provider automation
URL: https://github.com/SSSD/sssd/pull/5813 Author: shridhargadekar Title: #5813: Tests: files provider automation Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5813/head:pr5813 git checkout pr5813 From ce347a00257e2f670d97a24e7904be612dad69ac Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 6 Oct 2021 17:52:07 +0530 Subject: [PATCH] Tests: files provider automation verifies: #4295 --- src/tests/multihost/alltests/conftest.py | 44 +++ src/tests/multihost/alltests/test_files.py | 379 + 2 files changed, 423 insertions(+) create mode 100644 src/tests/multihost/alltests/test_files.py diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 3996459632..be29bb49be 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -371,6 +371,28 @@ def remove_keys(): request.addfinalizer(remove_keys) +@pytest.fixture(scope="function") +def local_useradd(session_multihost, request): +tool = sssdTools(session_multihost.client[0]) +users = ['test1', 'user1'] +groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3'] +for user in users: +cmd = f'useradd {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupadd {grp}' +session_multihost.client[0].run_command(cmd) + +def remove_local_users(): +for user in users: +cmd = f'userdel -rf {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupdel {grp}' +session_multihost.client[0].run_command(cmd) +request.addfinalizer(remove_local_users) + + @pytest.fixture(scope='function') def enable_multiple_responders(session_multihost, request): """ Enable multiple responders to sssd services """ @@ -798,6 +820,28 @@ def removesssd(): request.addfinalizer(removesssd) +@pytest.fixture(scope='class') +def setup_sssd_files(session_multihost, request): +""" Configure sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +sssd_params = {'domains': 'files'} +tools.sssd_conf('sssd', sssd_params) +domain_section = 'domain/%s' % 'files' +domain_params = { 'id_provider': 'files', + 'debug_level': '9'} +tools.sssd_conf(domain_section, domain_params) +start_sssd = 'systemctl start sssd' +session_multihost.client[0].run_command(start_sssd) + +def removesssd(): +""" Remove sssd configuration """ +stop_sssd = 'systemctl stop sssd' +session_multihost.client[0].run_command(stop_sssd) +removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(removeconf) +request.addfinalizer(removesssd) + + @pytest.fixture(scope="class") def multihost(session_multihost, request): """ Multihost fixture to be used by tests diff --git a/src/tests/multihost/alltests/test_files.py b/src/tests/multihost/alltests/test_files.py new file mode 100644 index 00..20ece93805 --- /dev/null +++ b/src/tests/multihost/alltests/test_files.py @@ -0,0 +1,379 @@ +from __future__ import print_function +import pdb +import re +import subprocess +import time +from sssd.testlib.common.utils import sssdTools + + +def getent_sss(multihost, obj, db): +gtnt = f'getent {db} -s sss {obj}' +cmd = multihost.client[0].run_command(gtnt, raiseonerr=False) +return cmd.returncode, cmd.stdout_text + + +def run_cmd(multihost, arg): +cmd = multihost.client[0].run_command(arg, raiseonerr=False) +return cmd.returncode, cmd.stdout_text + + +@pytest.mark.usefixtures("setup_sssd_files") +@pytest.mark.filesprovider +@pytest.mark.tier1_2 +class TestFilesProvider(object): +" This is a test case class for files-provider" +def test_001_local_usr_caching(self, multihost, local_useradd): +""" +:Title: local user caching with files-provider +:id: fa12373b-8285-4fca-afe1-5e544fd58674 +:customerscenario: false +:steps: +1. Create an unprivileged user +2. User details are returned from sss_cache +:expectedresults: +1. Should succeed +2. Should succeed +""" +multihost.client[0].service_sssd('start') +exit_status, ot = getent_sss(multihost, 'test1', "passwd") +assert exit_status == 0 + +def test_002
[SSSD] [sssd PR#5813][opened] Tests: files provider automation
URL: https://github.com/SSSD/sssd/pull/5813 Author: shridhargadekar Title: #5813: Tests: files provider automation Action: opened PR body: """ verifies: #4295 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5813/head:pr5813 git checkout pr5813 From ed4a94db16b8ceb573784da4ea54411899dfb3be Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 6 Oct 2021 17:52:07 +0530 Subject: [PATCH] Tests: files provider automation verifies: #4295 --- src/tests/multihost/alltests/conftest.py | 44 +++ src/tests/multihost/alltests/test_files.py | 382 + 2 files changed, 426 insertions(+) create mode 100644 src/tests/multihost/alltests/test_files.py diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 3996459632..be29bb49be 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -371,6 +371,28 @@ def remove_keys(): request.addfinalizer(remove_keys) +@pytest.fixture(scope="function") +def local_useradd(session_multihost, request): +tool = sssdTools(session_multihost.client[0]) +users = ['test1', 'user1'] +groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3'] +for user in users: +cmd = f'useradd {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupadd {grp}' +session_multihost.client[0].run_command(cmd) + +def remove_local_users(): +for user in users: +cmd = f'userdel -rf {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupdel {grp}' +session_multihost.client[0].run_command(cmd) +request.addfinalizer(remove_local_users) + + @pytest.fixture(scope='function') def enable_multiple_responders(session_multihost, request): """ Enable multiple responders to sssd services """ @@ -798,6 +820,28 @@ def removesssd(): request.addfinalizer(removesssd) +@pytest.fixture(scope='class') +def setup_sssd_files(session_multihost, request): +""" Configure sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +sssd_params = {'domains': 'files'} +tools.sssd_conf('sssd', sssd_params) +domain_section = 'domain/%s' % 'files' +domain_params = { 'id_provider': 'files', + 'debug_level': '9'} +tools.sssd_conf(domain_section, domain_params) +start_sssd = 'systemctl start sssd' +session_multihost.client[0].run_command(start_sssd) + +def removesssd(): +""" Remove sssd configuration """ +stop_sssd = 'systemctl stop sssd' +session_multihost.client[0].run_command(stop_sssd) +removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(removeconf) +request.addfinalizer(removesssd) + + @pytest.fixture(scope="class") def multihost(session_multihost, request): """ Multihost fixture to be used by tests diff --git a/src/tests/multihost/alltests/test_files.py b/src/tests/multihost/alltests/test_files.py new file mode 100644 index 00..65b9decf48 --- /dev/null +++ b/src/tests/multihost/alltests/test_files.py @@ -0,0 +1,382 @@ +from __future__ import print_function +import pdb +import re +import subprocess +import time +from sssd.testlib.common.utils import sssdTools + + +def getent_sss(multihost, obj, db): +gtnt = f'getent {db} -s sss {obj}' +cmd = multihost.client[0].run_command(gtnt, raiseonerr=False) +return cmd.returncode, cmd.stdout_text + + +def run_cmd(multihost, arg): +cmd = multihost.client[0].run_command(arg, raiseonerr=False) +return cmd.returncode, cmd.stdout_text + + +@pytest.mark.usefixtures("setup_sssd_files") +@pytest.mark.filesprovider +@pytest.mark.tier1 +class TestFilesProvider(object): +" This is a test case class for files-provider" +def test_001_local_usr_caching(self, multihost, local_useradd): +""" +:Title: local user caching with files-provider +:id: fa12373b-8285-4fca-afe1-5e544fd58674 +:customerscenario: false +:steps: +1. Create an unprivileged user +2. User details are returned from sss_cache +:expectedresults: +1. Should succeed +2. Should succeed +""" +multihost.client[0].service_sssd('start') +exit_status, ot = getent_sss(multihost, 'test1', "passwd") +
[SSSD] [sssd PR#5806][closed] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Author: shridhargadekar Title: #5806: Tests: files provider testcases Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5806/head:pr5806 git checkout pr5806 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5806][comment] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Title: #5806: Tests: files provider testcases shridhargadekar commented: """ Code will be rearranged in the alltests instead of a separate dir. """ See the full comment at https://github.com/SSSD/sssd/pull/5806#issuecomment-935790326 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Author: shridhargadekar Title: #5806: Tests: files provider testcases Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5806/head:pr5806 git checkout pr5806 From dcb4b3575a6804d241a63a716d9e3a3d76383e89 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 5 Oct 2021 00:13:38 +0530 Subject: [PATCH] verifies: ##4295 bugzilla: --- src/tests/multihost/files/conftest.py | 97 + .../multihost/files/test_files_provider.py| 382 ++ 2 files changed, 479 insertions(+) create mode 100644 src/tests/multihost/files/conftest.py create mode 100644 src/tests/multihost/files/test_files_provider.py diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py new file mode 100644 index 00..5e405839ac --- /dev/null +++ b/src/tests/multihost/files/conftest.py @@ -0,0 +1,97 @@ +"""conftest.py for all tests""" + +from __future__ import print_function +import subprocess +import os +import time +import posixpath +import pytest +from sssd.testlib.common.utils import sssdTools +from subprocess import CalledProcessError +from pytest_multihost import make_multihost_fixture +from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF +from sssd.testlib.common.qe_class import session_multihost +from sssd.testlib.common.qe_class import create_testdir +from datetime import datetime, timedelta + + +def pytest_configure(): +""" Namespace hook to add below dict in the pytest namespace """ +pytest.num_masters = 0 +pytest.num_ad = 0 +pytest.num_atomic = 0 +pytest.num_replicas = 0 +pytest.num_clients = 1 +pytest.num_others = 0 + + + +@pytest.fixture(scope="function") +def useradd(session_multihost, request): +tool = sssdTools(session_multihost.client[0]) +users = ['test1', 'user1'] +groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3'] +for user in users: +cmd = f'useradd {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupadd {grp}' +session_multihost.client[0].run_command(cmd) + +def remove_local_users(): +for user in users: +cmd = f'userdel -rf {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupdel {grp}' +session_multihost.client[0].run_command(cmd) +request.addfinalizer(remove_local_users) + + +@pytest.fixture(scope='function') +def backupsssdconf(session_multihost, request): +""" Backup and restore sssd.conf """ +bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF, + SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(bkup) +session_multihost.client[0].service_sssd('stop') + +def restoresssdconf(): +""" Restore sssd.conf """ +restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(restore) +request.addfinalizer(restoresssdconf) +#+++ +@pytest.fixture(scope="class") +def multihost(session_multihost, request): +""" Multihost fixture to be used by tests +:param obj session_multihost: multihost object +:return obj session_multihost: return multihost object +""" +if hasattr(request.cls(), 'class_setup'): +request.cls().class_setup(session_multihost) +request.addfinalizer( +lambda: request.cls().class_teardown(session_multihost)) +return session_multihost + + +@pytest.fixture(scope='class') +def setup_sssd(session_multihost, request): +""" Configure sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +sssd_params = {'domains': 'files'} +tools.sssd_conf('sssd', sssd_params) +domain_section = 'domain/%s' % 'files' +domain_params = { 'id_provider': 'files', + 'debug_level': '9'} +tools.sssd_conf(domain_section, domain_params) +start_sssd = 'systemctl start sssd' +session_multihost.client[0].run_command(start_sssd) + +def removesssd(): +""" Remove sssd configuration """ +stop_sssd = 'systemctl stop sssd' +session_multihost.client[0].run_command(stop_sssd) +removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(removeconf) +request.addfinalizer(removesssd) diff --git
[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Author: shridhargadekar Title: #5806: Tests: files provider testcases Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5806/head:pr5806 git checkout pr5806 From af2d61f0c34b1b5bf5123c01a19e9f32b7943875 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 5 Oct 2021 00:13:38 +0530 Subject: [PATCH] verifies: ##4295 bugzilla: --- src/tests/multihost/files/conftest.py | 97 + .../multihost/files/test_files_provider.py| 354 ++ 2 files changed, 451 insertions(+) create mode 100644 src/tests/multihost/files/conftest.py create mode 100644 src/tests/multihost/files/test_files_provider.py diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py new file mode 100644 index 00..5e405839ac --- /dev/null +++ b/src/tests/multihost/files/conftest.py @@ -0,0 +1,97 @@ +"""conftest.py for all tests""" + +from __future__ import print_function +import subprocess +import os +import time +import posixpath +import pytest +from sssd.testlib.common.utils import sssdTools +from subprocess import CalledProcessError +from pytest_multihost import make_multihost_fixture +from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF +from sssd.testlib.common.qe_class import session_multihost +from sssd.testlib.common.qe_class import create_testdir +from datetime import datetime, timedelta + + +def pytest_configure(): +""" Namespace hook to add below dict in the pytest namespace """ +pytest.num_masters = 0 +pytest.num_ad = 0 +pytest.num_atomic = 0 +pytest.num_replicas = 0 +pytest.num_clients = 1 +pytest.num_others = 0 + + + +@pytest.fixture(scope="function") +def useradd(session_multihost, request): +tool = sssdTools(session_multihost.client[0]) +users = ['test1', 'user1'] +groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3'] +for user in users: +cmd = f'useradd {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupadd {grp}' +session_multihost.client[0].run_command(cmd) + +def remove_local_users(): +for user in users: +cmd = f'userdel -rf {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupdel {grp}' +session_multihost.client[0].run_command(cmd) +request.addfinalizer(remove_local_users) + + +@pytest.fixture(scope='function') +def backupsssdconf(session_multihost, request): +""" Backup and restore sssd.conf """ +bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF, + SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(bkup) +session_multihost.client[0].service_sssd('stop') + +def restoresssdconf(): +""" Restore sssd.conf """ +restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(restore) +request.addfinalizer(restoresssdconf) +#+++ +@pytest.fixture(scope="class") +def multihost(session_multihost, request): +""" Multihost fixture to be used by tests +:param obj session_multihost: multihost object +:return obj session_multihost: return multihost object +""" +if hasattr(request.cls(), 'class_setup'): +request.cls().class_setup(session_multihost) +request.addfinalizer( +lambda: request.cls().class_teardown(session_multihost)) +return session_multihost + + +@pytest.fixture(scope='class') +def setup_sssd(session_multihost, request): +""" Configure sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +sssd_params = {'domains': 'files'} +tools.sssd_conf('sssd', sssd_params) +domain_section = 'domain/%s' % 'files' +domain_params = { 'id_provider': 'files', + 'debug_level': '9'} +tools.sssd_conf(domain_section, domain_params) +start_sssd = 'systemctl start sssd' +session_multihost.client[0].run_command(start_sssd) + +def removesssd(): +""" Remove sssd configuration """ +stop_sssd = 'systemctl stop sssd' +session_multihost.client[0].run_command(stop_sssd) +removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(removeconf) +request.addfinalizer(removesssd) diff --git
[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Author: shridhargadekar Title: #5806: Tests: files provider testcases Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5806/head:pr5806 git checkout pr5806 From df65d350fd08e9c820e6a0f52197df14d98c913e Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 5 Oct 2021 00:13:38 +0530 Subject: [PATCH] verifies: ##4295 bugzilla: --- src/tests/multihost/files/conftest.py | 97 + .../multihost/files/test_files_provider.py| 351 ++ 2 files changed, 448 insertions(+) create mode 100644 src/tests/multihost/files/conftest.py create mode 100644 src/tests/multihost/files/test_files_provider.py diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py new file mode 100644 index 00..5e405839ac --- /dev/null +++ b/src/tests/multihost/files/conftest.py @@ -0,0 +1,97 @@ +"""conftest.py for all tests""" + +from __future__ import print_function +import subprocess +import os +import time +import posixpath +import pytest +from sssd.testlib.common.utils import sssdTools +from subprocess import CalledProcessError +from pytest_multihost import make_multihost_fixture +from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF +from sssd.testlib.common.qe_class import session_multihost +from sssd.testlib.common.qe_class import create_testdir +from datetime import datetime, timedelta + + +def pytest_configure(): +""" Namespace hook to add below dict in the pytest namespace """ +pytest.num_masters = 0 +pytest.num_ad = 0 +pytest.num_atomic = 0 +pytest.num_replicas = 0 +pytest.num_clients = 1 +pytest.num_others = 0 + + + +@pytest.fixture(scope="function") +def useradd(session_multihost, request): +tool = sssdTools(session_multihost.client[0]) +users = ['test1', 'user1'] +groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3'] +for user in users: +cmd = f'useradd {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupadd {grp}' +session_multihost.client[0].run_command(cmd) + +def remove_local_users(): +for user in users: +cmd = f'userdel -rf {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupdel {grp}' +session_multihost.client[0].run_command(cmd) +request.addfinalizer(remove_local_users) + + +@pytest.fixture(scope='function') +def backupsssdconf(session_multihost, request): +""" Backup and restore sssd.conf """ +bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF, + SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(bkup) +session_multihost.client[0].service_sssd('stop') + +def restoresssdconf(): +""" Restore sssd.conf """ +restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(restore) +request.addfinalizer(restoresssdconf) +#+++ +@pytest.fixture(scope="class") +def multihost(session_multihost, request): +""" Multihost fixture to be used by tests +:param obj session_multihost: multihost object +:return obj session_multihost: return multihost object +""" +if hasattr(request.cls(), 'class_setup'): +request.cls().class_setup(session_multihost) +request.addfinalizer( +lambda: request.cls().class_teardown(session_multihost)) +return session_multihost + + +@pytest.fixture(scope='class') +def setup_sssd(session_multihost, request): +""" Configure sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +sssd_params = {'domains': 'files'} +tools.sssd_conf('sssd', sssd_params) +domain_section = 'domain/%s' % 'files' +domain_params = { 'id_provider': 'files', + 'debug_level': '9'} +tools.sssd_conf(domain_section, domain_params) +start_sssd = 'systemctl start sssd' +session_multihost.client[0].run_command(start_sssd) + +def removesssd(): +""" Remove sssd configuration """ +stop_sssd = 'systemctl stop sssd' +session_multihost.client[0].run_command(stop_sssd) +removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(removeconf) +request.addfinalizer(removesssd) diff --g
[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Author: shridhargadekar Title: #5806: Tests: files provider testcases Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5806/head:pr5806 git checkout pr5806 From 9c3a9053db7d1ba59dde86a521d427b7284fc257 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 5 Oct 2021 00:13:38 +0530 Subject: [PATCH] verifies: ##4295 bugzilla: --- src/tests/multihost/files/conftest.py | 97 ++ .../multihost/files/test_files_provider.py| 279 ++ 2 files changed, 376 insertions(+) create mode 100644 src/tests/multihost/files/conftest.py create mode 100644 src/tests/multihost/files/test_files_provider.py diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py new file mode 100644 index 00..5e405839ac --- /dev/null +++ b/src/tests/multihost/files/conftest.py @@ -0,0 +1,97 @@ +"""conftest.py for all tests""" + +from __future__ import print_function +import subprocess +import os +import time +import posixpath +import pytest +from sssd.testlib.common.utils import sssdTools +from subprocess import CalledProcessError +from pytest_multihost import make_multihost_fixture +from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF +from sssd.testlib.common.qe_class import session_multihost +from sssd.testlib.common.qe_class import create_testdir +from datetime import datetime, timedelta + + +def pytest_configure(): +""" Namespace hook to add below dict in the pytest namespace """ +pytest.num_masters = 0 +pytest.num_ad = 0 +pytest.num_atomic = 0 +pytest.num_replicas = 0 +pytest.num_clients = 1 +pytest.num_others = 0 + + + +@pytest.fixture(scope="function") +def useradd(session_multihost, request): +tool = sssdTools(session_multihost.client[0]) +users = ['test1', 'user1'] +groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3'] +for user in users: +cmd = f'useradd {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupadd {grp}' +session_multihost.client[0].run_command(cmd) + +def remove_local_users(): +for user in users: +cmd = f'userdel -rf {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupdel {grp}' +session_multihost.client[0].run_command(cmd) +request.addfinalizer(remove_local_users) + + +@pytest.fixture(scope='function') +def backupsssdconf(session_multihost, request): +""" Backup and restore sssd.conf """ +bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF, + SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(bkup) +session_multihost.client[0].service_sssd('stop') + +def restoresssdconf(): +""" Restore sssd.conf """ +restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(restore) +request.addfinalizer(restoresssdconf) +#+++ +@pytest.fixture(scope="class") +def multihost(session_multihost, request): +""" Multihost fixture to be used by tests +:param obj session_multihost: multihost object +:return obj session_multihost: return multihost object +""" +if hasattr(request.cls(), 'class_setup'): +request.cls().class_setup(session_multihost) +request.addfinalizer( +lambda: request.cls().class_teardown(session_multihost)) +return session_multihost + + +@pytest.fixture(scope='class') +def setup_sssd(session_multihost, request): +""" Configure sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +sssd_params = {'domains': 'files'} +tools.sssd_conf('sssd', sssd_params) +domain_section = 'domain/%s' % 'files' +domain_params = { 'id_provider': 'files', + 'debug_level': '9'} +tools.sssd_conf(domain_section, domain_params) +start_sssd = 'systemctl start sssd' +session_multihost.client[0].run_command(start_sssd) + +def removesssd(): +""" Remove sssd configuration """ +stop_sssd = 'systemctl stop sssd' +session_multihost.client[0].run_command(stop_sssd) +removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(removeconf) +request.addfinalizer(removesssd) diff --g
[SSSD] [sssd PR#5806][synchronized] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Author: shridhargadekar Title: #5806: Tests: files provider testcases Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5806/head:pr5806 git checkout pr5806 From 85d6e06d1d0ea1bc338b840a44b2c37b58163e84 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 5 Oct 2021 00:13:38 +0530 Subject: [PATCH] verifies: ##4295 bugzilla: --- src/tests/multihost/files/conftest.py | 97 ++ .../multihost/files/test_files_provider.py| 280 ++ 2 files changed, 377 insertions(+) create mode 100644 src/tests/multihost/files/conftest.py create mode 100644 src/tests/multihost/files/test_files_provider.py diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py new file mode 100644 index 00..5e405839ac --- /dev/null +++ b/src/tests/multihost/files/conftest.py @@ -0,0 +1,97 @@ +"""conftest.py for all tests""" + +from __future__ import print_function +import subprocess +import os +import time +import posixpath +import pytest +from sssd.testlib.common.utils import sssdTools +from subprocess import CalledProcessError +from pytest_multihost import make_multihost_fixture +from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF +from sssd.testlib.common.qe_class import session_multihost +from sssd.testlib.common.qe_class import create_testdir +from datetime import datetime, timedelta + + +def pytest_configure(): +""" Namespace hook to add below dict in the pytest namespace """ +pytest.num_masters = 0 +pytest.num_ad = 0 +pytest.num_atomic = 0 +pytest.num_replicas = 0 +pytest.num_clients = 1 +pytest.num_others = 0 + + + +@pytest.fixture(scope="function") +def useradd(session_multihost, request): +tool = sssdTools(session_multihost.client[0]) +users = ['test1', 'user1'] +groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3'] +for user in users: +cmd = f'useradd {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupadd {grp}' +session_multihost.client[0].run_command(cmd) + +def remove_local_users(): +for user in users: +cmd = f'userdel -rf {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupdel {grp}' +session_multihost.client[0].run_command(cmd) +request.addfinalizer(remove_local_users) + + +@pytest.fixture(scope='function') +def backupsssdconf(session_multihost, request): +""" Backup and restore sssd.conf """ +bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF, + SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(bkup) +session_multihost.client[0].service_sssd('stop') + +def restoresssdconf(): +""" Restore sssd.conf """ +restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(restore) +request.addfinalizer(restoresssdconf) +#+++ +@pytest.fixture(scope="class") +def multihost(session_multihost, request): +""" Multihost fixture to be used by tests +:param obj session_multihost: multihost object +:return obj session_multihost: return multihost object +""" +if hasattr(request.cls(), 'class_setup'): +request.cls().class_setup(session_multihost) +request.addfinalizer( +lambda: request.cls().class_teardown(session_multihost)) +return session_multihost + + +@pytest.fixture(scope='class') +def setup_sssd(session_multihost, request): +""" Configure sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +sssd_params = {'domains': 'files'} +tools.sssd_conf('sssd', sssd_params) +domain_section = 'domain/%s' % 'files' +domain_params = { 'id_provider': 'files', + 'debug_level': '9'} +tools.sssd_conf(domain_section, domain_params) +start_sssd = 'systemctl start sssd' +session_multihost.client[0].run_command(start_sssd) + +def removesssd(): +""" Remove sssd configuration """ +stop_sssd = 'systemctl stop sssd' +session_multihost.client[0].run_command(stop_sssd) +removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(removeconf) +request.addfinalizer(removesssd) diff --git
[SSSD] [sssd PR#5806][+RFE] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Title: #5806: Tests: files provider testcases Label: +RFE ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5806][+Tests] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Title: #5806: Tests: files provider testcases Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5806][opened] Tests: files provider testcases
URL: https://github.com/SSSD/sssd/pull/5806 Author: shridhargadekar Title: #5806: Tests: files provider testcases Action: opened PR body: """ verifies: #4295 bugzilla: """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5806/head:pr5806 git checkout pr5806 From f6fd5a876182477746a8e0664e79ae43fc24d1ed Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 5 Oct 2021 00:13:38 +0530 Subject: [PATCH] verifies: ##4295 bugzilla: --- src/tests/multihost/files/conftest.py | 97 ++ .../multihost/files/test_files_provider.py| 280 ++ 2 files changed, 377 insertions(+) create mode 100644 src/tests/multihost/files/conftest.py create mode 100644 src/tests/multihost/files/test_files_provider.py diff --git a/src/tests/multihost/files/conftest.py b/src/tests/multihost/files/conftest.py new file mode 100644 index 00..5e405839ac --- /dev/null +++ b/src/tests/multihost/files/conftest.py @@ -0,0 +1,97 @@ +"""conftest.py for all tests""" + +from __future__ import print_function +import subprocess +import os +import time +import posixpath +import pytest +from sssd.testlib.common.utils import sssdTools +from subprocess import CalledProcessError +from pytest_multihost import make_multihost_fixture +from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF +from sssd.testlib.common.qe_class import session_multihost +from sssd.testlib.common.qe_class import create_testdir +from datetime import datetime, timedelta + + +def pytest_configure(): +""" Namespace hook to add below dict in the pytest namespace """ +pytest.num_masters = 0 +pytest.num_ad = 0 +pytest.num_atomic = 0 +pytest.num_replicas = 0 +pytest.num_clients = 1 +pytest.num_others = 0 + + + +@pytest.fixture(scope="function") +def useradd(session_multihost, request): +tool = sssdTools(session_multihost.client[0]) +users = ['test1', 'user1'] +groups = ['localgrp', 'l_grp1', 'l_grp2', 'l_grp3'] +for user in users: +cmd = f'useradd {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupadd {grp}' +session_multihost.client[0].run_command(cmd) + +def remove_local_users(): +for user in users: +cmd = f'userdel -rf {user}' +session_multihost.client[0].run_command(cmd) +for grp in groups: +cmd = f'groupdel {grp}' +session_multihost.client[0].run_command(cmd) +request.addfinalizer(remove_local_users) + + +@pytest.fixture(scope='function') +def backupsssdconf(session_multihost, request): +""" Backup and restore sssd.conf """ +bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF, + SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(bkup) +session_multihost.client[0].service_sssd('stop') + +def restoresssdconf(): +""" Restore sssd.conf """ +restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF) +session_multihost.client[0].run_command(restore) +request.addfinalizer(restoresssdconf) +#+++ +@pytest.fixture(scope="class") +def multihost(session_multihost, request): +""" Multihost fixture to be used by tests +:param obj session_multihost: multihost object +:return obj session_multihost: return multihost object +""" +if hasattr(request.cls(), 'class_setup'): +request.cls().class_setup(session_multihost) +request.addfinalizer( +lambda: request.cls().class_teardown(session_multihost)) +return session_multihost + + +@pytest.fixture(scope='class') +def setup_sssd(session_multihost, request): +""" Configure sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +sssd_params = {'domains': 'files'} +tools.sssd_conf('sssd', sssd_params) +domain_section = 'domain/%s' % 'files' +domain_params = { 'id_provider': 'files', + 'debug_level': '9'} +tools.sssd_conf(domain_section, domain_params) +start_sssd = 'systemctl start sssd' +session_multihost.client[0].run_command(start_sssd) + +def removesssd(): +""" Remove sssd configuration """ +stop_sssd = 'systemctl stop sssd' +session_multihost.client[0].run_command(stop_sssd) +removeconf = 'rm -f %s' % (SSSD_DEFAULT_CONF) +session_multihost.client[0].r
[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792 From eb86433f43b80745dc2e3496274032bb4bc7de37 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 37 +++-- src/tests/multihost/alltests/test_sudo.py | 66 +-- 2 files changed, 94 insertions(+), 9 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..124a238e36 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,11 +424,38 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): +""" Configure basic sudo parameters in sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +session_multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd') +ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}' +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params) +sudo_base = f'ou=sudoers,{ds_suffix}' +params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} +domain_section = f'domain/{ds_instance_name}' +tools.sssd_conf(domain_section, params, action='update') +ret = session_multihost.client[0].service_sssd('start') + +def restore_sssd_conf(): +""" Restore sssd.conf """ +services = 'nss, pam' +sssd_params = {'services': services} +tools.sssd_conf('sssd', sssd_params) +tools.sssd_conf(domain_section, params, action='delete') +request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ -ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) -sudo_ou = 'ou=sudoers, %s' % ds_suffix +ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}' +sudo_ou = f'ou=sudoers,{ds_suffix}' ds_rootdn = 'cn=Directory Manager' ds_rootpw = 'Secret123' ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) @@ -439,12 +466,12 @@ def sudo_rule(session_multihost, request): sudo_options = ["!requiretty", "!authenticate"] sudo_cmd = '/usr/bin/head' sudo_user = 'foo1' -rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +rule_dn = f'cn={sudo_cmd},{sudo_ou}' try: ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', sudo_user, sudo_options) except LdapException: -pytest.fail("Failed to add sudo rule %s" % rule_dn) +pytest.fail(f"Failed to add sudo rule {rule_dn}") else: extra_user = 'foo2' add_extra = [(ldap.MOD_ADD, 'sudoUser', @@ -454,7 +481,7 @@ def sudo_rule(session_multihost, request): def del_sudo_rule(): """ Delete sudo rule """ -rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +rule_dn = f'cn={sudo_cmd},{sudo_ou}' (_, _) = ldap_inst.del_dn(rule_dn) (ret, _) = ldap_inst.del_dn(sudo_ou) assert ret == 'Success' diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..7bffc194df 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + +@pytest.mark.tier2 +def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): +""" +:title: sudo: improve sudo fu
[SSSD] [sssd PR#5792][edited] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: edited Changed field: body Original value: """ verifies:#5604 bugzilla:https://bugzilla.redhat.com/show_bug.cgi?id=1925505 """ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5792][edited] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: edited Changed field: body Original value: """ verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 """ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792 From f51dc36ef2080d6a039018e7432ab8977b57c4df Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 37 +++-- src/tests/multihost/alltests/test_sudo.py | 66 +-- 2 files changed, 94 insertions(+), 9 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..d7f34b7c24 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,11 +424,38 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): +""" Configure basic sudo parameters in sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +session_multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd') +ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}' +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params) +sudo_base = f'ou=sudoers,{ds_suffix}' +params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} +domain_section = 'domain/{ds_instance_name}' +tools.sssd_conf(domain_section, params, action='update') +ret = session_multihost.client[0].service_sssd('start') + +def restore_sssd_conf(): +""" Restore sssd.conf """ +services = 'nss, pam' +sssd_params = {'services': services} +tools.sssd_conf('sssd', sssd_params) +tools.sssd_conf(domain_section, params, action='delete') +request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ -ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) -sudo_ou = 'ou=sudoers, %s' % ds_suffix +ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}' +sudo_ou = f'ou=sudoers,{ds_suffix}' ds_rootdn = 'cn=Directory Manager' ds_rootpw = 'Secret123' ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) @@ -439,12 +466,12 @@ def sudo_rule(session_multihost, request): sudo_options = ["!requiretty", "!authenticate"] sudo_cmd = '/usr/bin/head' sudo_user = 'foo1' -rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +rule_dn = f'cn={sudo_cmd},{sudo_ou}' try: ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', sudo_user, sudo_options) except LdapException: -pytest.fail("Failed to add sudo rule %s" % rule_dn) +pytest.fail(f"Failed to add sudo rule {rule_dn}") else: extra_user = 'foo2' add_extra = [(ldap.MOD_ADD, 'sudoUser', @@ -454,7 +481,7 @@ def sudo_rule(session_multihost, request): def del_sudo_rule(): """ Delete sudo rule """ -rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +rule_dn = f'cn={sudo_cmd},{sudo_ou}' (_, _) = ldap_inst.del_dn(rule_dn) (ret, _) = ldap_inst.del_dn(sudo_ou) assert ret == 'Success' diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..90981e2317 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + +@pytest.mark.tier2 +def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): +""" +:title: sudo: improve sudo fu
[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792 From f3d9ddb021b23037b8fac15059de9624348de7ef Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 37 +++-- src/tests/multihost/alltests/test_sudo.py | 66 +-- 2 files changed, 94 insertions(+), 9 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..d7f34b7c24 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,11 +424,38 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): +""" Configure basic sudo parameters in sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +session_multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd') +ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}' +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params) +sudo_base = f'ou=sudoers,{ds_suffix}' +params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} +domain_section = 'domain/{ds_instance_name}' +tools.sssd_conf(domain_section, params, action='update') +ret = session_multihost.client[0].service_sssd('start') + +def restore_sssd_conf(): +""" Restore sssd.conf """ +services = 'nss, pam' +sssd_params = {'services': services} +tools.sssd_conf('sssd', sssd_params) +tools.sssd_conf(domain_section, params, action='delete') +request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ -ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) -sudo_ou = 'ou=sudoers, %s' % ds_suffix +ldap_uri = f'ldap://{session_multihost.master[0].sys_hostname}' +sudo_ou = f'ou=sudoers,{ds_suffix}' ds_rootdn = 'cn=Directory Manager' ds_rootpw = 'Secret123' ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) @@ -439,12 +466,12 @@ def sudo_rule(session_multihost, request): sudo_options = ["!requiretty", "!authenticate"] sudo_cmd = '/usr/bin/head' sudo_user = 'foo1' -rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +rule_dn = f'cn={sudo_cmd},{sudo_ou}' try: ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', sudo_user, sudo_options) except LdapException: -pytest.fail("Failed to add sudo rule %s" % rule_dn) +pytest.fail(f"Failed to add sudo rule {rule_dn}") else: extra_user = 'foo2' add_extra = [(ldap.MOD_ADD, 'sudoUser', @@ -454,7 +481,7 @@ def sudo_rule(session_multihost, request): def del_sudo_rule(): """ Delete sudo rule """ -rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +rule_dn = f'cn={sudo_cmd},{sudo_ou}' (_, _) = ldap_inst.del_dn(rule_dn) (ret, _) = ldap_inst.del_dn(sudo_ou) assert ret == 'Success' diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..7632631d0b 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + +@pytest.mark.tier2 +def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): +""" +:title: sudo: improve sudo fu
[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792 From 690e52cae0ab1f49581f87071d8822a46b6767a5 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 27 ++ src/tests/multihost/alltests/test_sudo.py | 66 +-- 2 files changed, 89 insertions(+), 4 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..8e4ba6c980 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,6 +424,33 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): +""" Configure basic sudo parameters in sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +session_multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd') +ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params) +sudo_base = 'ou=sudoers,%s' % ds_suffix +params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} +domain_section = 'domain/%s' % ds_instance_name +tools.sssd_conf(domain_section, params, action='update') +ret = session_multihost.client[0].service_sssd('start') + +def restore_sssd_conf(): +""" Restore sssd.conf """ +services = 'nss, pam' +sssd_params = {'services': services} +tools.sssd_conf('sssd', sssd_params) +tools.sssd_conf(domain_section, params, action='delete') +request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..dc29787eea 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + +@pytest.mark.tier2 +def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): +""" +:title: sudo: improve sudo full and smart refresh timeouts +:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505 +:customerscenario: True +:steps: + 1. Edit sssdconfig and specify sssd smart, full timeout option + 2. Restart sssd with cleared logs and cache + 3. Wait for 40 seconds + 4. Parse logs and confirm sudo full refresh and smart refresh + timeout are not running at same time + 5. If sudo full refresh and smart refresh timer are scheduled at + same time then smart refresh is rescheduled to the next cycle +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed +""" +tools = sssdTools(multihost.client[0]) multihost.client[0].service_sssd('stop') -params = {'ldap_sudo_full_refresh_interval': '25', - 'ldap_sudo_smart_refresh_interval': '15', - 'ldap_sudo_random_offset': '5'} -tools.sssd_conf(domain_section, params, action='delete') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +params = {'ldap_sudo_full_refresh_interval': '10', + 'ldap_sudo_random_offset': '0', + 'ldap_sudo_smart_re
[SSSD] [sssd PR#5794][closed] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5794 Author: shridhargadekar Title: #5794: Tests: improve sssd refresh timers for sudo queries Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5794/head:pr5794 git checkout pr5794 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5794][opened] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5794 Author: shridhargadekar Title: #5794: Tests: improve sssd refresh timers for sudo queries Action: opened PR body: """ verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5794/head:pr5794 git checkout pr5794 From 690e52cae0ab1f49581f87071d8822a46b6767a5 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 27 ++ src/tests/multihost/alltests/test_sudo.py | 66 +-- 2 files changed, 89 insertions(+), 4 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..8e4ba6c980 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,6 +424,33 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): +""" Configure basic sudo parameters in sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +session_multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd') +ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params) +sudo_base = 'ou=sudoers,%s' % ds_suffix +params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} +domain_section = 'domain/%s' % ds_instance_name +tools.sssd_conf(domain_section, params, action='update') +ret = session_multihost.client[0].service_sssd('start') + +def restore_sssd_conf(): +""" Restore sssd.conf """ +services = 'nss, pam' +sssd_params = {'services': services} +tools.sssd_conf('sssd', sssd_params) +tools.sssd_conf(domain_section, params, action='delete') +request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..dc29787eea 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,67 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + +@pytest.mark.tier2 +def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): +""" +:title: sudo: improve sudo full and smart refresh timeouts +:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505 +:customerscenario: True +:steps: + 1. Edit sssdconfig and specify sssd smart, full timeout option + 2. Restart sssd with cleared logs and cache + 3. Wait for 40 seconds + 4. Parse logs and confirm sudo full refresh and smart refresh + timeout are not running at same time + 5. If sudo full refresh and smart refresh timer are scheduled at + same time then smart refresh is rescheduled to the next cycle +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed +""" +tools = sssdTools(multihost.client[0]) multihost.client[0].service_sssd('stop') -params = {'ldap_sudo_full_refresh_interval': '25', - 'ldap_sudo_smart_refresh_interval': '15', - 'ldap_sudo_random_offset': '5'} -tools.sssd_conf(domain_section, params, action='delete') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +params = {'ldap_sudo_full_refresh_interval': '10&
[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792 From 160e666e5e36ce4fc07251fa4c08d0aa6766378f Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 27 + src/tests/multihost/alltests/test_sudo.py | 70 +-- 2 files changed, 93 insertions(+), 4 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..8e4ba6c980 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,6 +424,33 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): +""" Configure basic sudo parameters in sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +session_multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd') +ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params) +sudo_base = 'ou=sudoers,%s' % ds_suffix +params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} +domain_section = 'domain/%s' % ds_instance_name +tools.sssd_conf(domain_section, params, action='update') +ret = session_multihost.client[0].service_sssd('start') + +def restore_sssd_conf(): +""" Restore sssd.conf """ +services = 'nss, pam' +sssd_params = {'services': services} +tools.sssd_conf('sssd', sssd_params) +tools.sssd_conf(domain_section, params, action='delete') +request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..0fb91a43e8 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,71 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + +@pytest.mark.tier2 +def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): +""" +:title: sudo: improve sudo full and smart refresh timeouts +:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505 +:customerscenario: True +:steps: + 1. Edit sssdconfig and specify sssd smart, full timeout option + 2. Restart sssd with cleared logs and cache + 3. Wait for 40 seconds + 4. Parse logs and confirm sudo full refresh and smart refresh + timeout are not running at same time + 5. If sudo full refresh and smart refresh timer are scheduled at + same time then smart refresh is rescheduled to the next cycle +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed +""" +tools = sssdTools(multihost.client[0]) multihost.client[0].service_sssd('stop') -params = {'ldap_sudo_full_refresh_interval': '25', - 'ldap_sudo_smart_refresh_interval': '15', - 'ldap_sudo_random_offset': '5'} -tools.sssd_conf(domain_section, params, action='delete') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,%s' % ds_suffix +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_full_refresh_interval':
[SSSD] [sssd PR#5792][+Tests] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Title: #5792: Tests: improve sssd refresh timers for sudo queries Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5792][+Waiting for review] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Title: #5792: Tests: improve sssd refresh timers for sudo queries Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792 From 9634fa6c4ce30ce2df3db280d46fcd9ec0a3530a Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 27 + src/tests/multihost/alltests/test_sudo.py | 70 +-- 2 files changed, 93 insertions(+), 4 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..8e4ba6c980 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,6 +424,33 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): +""" Configure basic sudo parameters in sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +session_multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd') +ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params) +sudo_base = 'ou=sudoers,%s' % ds_suffix +params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} +domain_section = 'domain/%s' % ds_instance_name +tools.sssd_conf(domain_section, params, action='update') +ret = session_multihost.client[0].service_sssd('start') + +def restore_sssd_conf(): +""" Restore sssd.conf """ +services = 'nss, pam' +sssd_params = {'services': services} +tools.sssd_conf('sssd', sssd_params) +tools.sssd_conf(domain_section, params, action='delete') +request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..bc66526859 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,71 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + +@pytest.mark.tier2 +def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): +""" +:title: sudo: improve sudo full and smart refresh timeouts +:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505 +:customerscenario: True +:steps: + 1. Edit sssdconfig and specify sssd smart, full timeout option + 2. Restart sssd with cleared logs and cache + 3. Wait for 40 seconds + 4. Parse logs and confirm sudo full refresh and smart refresh + timeout are not running at same time + 5. If sudo full refresh and smart refresh timer are scheduled at + same time then smart refresh is rescheduled to the next cycle +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed +""" +tools = sssdTools(multihost.client[0]) multihost.client[0].service_sssd('stop') -params = {'ldap_sudo_full_refresh_interval': '25', - 'ldap_sudo_smart_refresh_interval': '15', - 'ldap_sudo_random_offset': '5'} -tools.sssd_conf(domain_section, params, action='delete') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,dc=example,dc=test' +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_full_refresh_interval':
[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792 From d3176fd5f3217563e139aa9bbed9acc30778da5d Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 27 + src/tests/multihost/alltests/test_sudo.py | 70 +-- 2 files changed, 93 insertions(+), 4 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..8e4ba6c980 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,6 +424,33 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): +""" Configure basic sudo parameters in sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +session_multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd') +ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params) +sudo_base = 'ou=sudoers,%s' % ds_suffix +params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} +domain_section = 'domain/%s' % ds_instance_name +tools.sssd_conf(domain_section, params, action='update') +ret = session_multihost.client[0].service_sssd('start') + +def restore_sssd_conf(): +""" Restore sssd.conf """ +services = 'nss, pam' +sssd_params = {'services': services} +tools.sssd_conf('sssd', sssd_params) +tools.sssd_conf(domain_section, params, action='delete') +request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..6b337d549e 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,71 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + +@pytest.mark.tier2 +def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): +""" +:title: sudo: improve sudo full and smart refresh timeouts +:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505 +:customerscenario: True +:steps: + 1. Edit sssdconfig and specify sssd smart, full timeout option + 2. Restart sssd with cleared logs and cache + 3. Wait for 40 seconds + 4. Parse logs and confirm sudo full refresh and smart refresh + timeout are not running at same time + 5. If sudo full refresh and smart refresh timer are scheduled at + same time then smart refresh is rescheduled to the next cycle +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed +""" +tools = sssdTools(multihost.client[0]) multihost.client[0].service_sssd('stop') -params = {'ldap_sudo_full_refresh_interval': '25', - 'ldap_sudo_smart_refresh_interval': '15', - 'ldap_sudo_random_offset': '5'} -tools.sssd_conf(domain_section, params, action='delete') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,dc=example,dc=test' +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_full_refresh_interval':
[SSSD] [sssd PR#5792][synchronized] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792 From 71856d448963459707a3680bf4adc1656ac4794b Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 27 + src/tests/multihost/alltests/test_sudo.py | 70 +-- 2 files changed, 93 insertions(+), 4 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..8e4ba6c980 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,6 +424,33 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): +""" Configure basic sudo parameters in sssd.conf """ +tools = sssdTools(session_multihost.client[0]) +session_multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db/') +tools.remove_sss_cache('/var/log/sssd') +ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params) +sudo_base = 'ou=sudoers,%s' % ds_suffix +params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} +domain_section = 'domain/%s' % ds_instance_name +tools.sssd_conf(domain_section, params, action='update') +ret = session_multihost.client[0].service_sssd('start') + +def restore_sssd_conf(): +""" Restore sssd.conf """ +services = 'nss, pam' +sssd_params = {'services': services} +tools.sssd_conf('sssd', sssd_params) +tools.sssd_conf(domain_section, params, action='delete') +request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..b221c8c51b 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,71 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + +@pytest.mark.tier2 +def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): +""" +:title: sudo: randomize sudo refresh timeouts +:id: 3860d1b9-28fc-4d44-9537-caf28ab033c8 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505 +:customerscenario: True +:steps: + 1. Edit sssdconfig and specify sssd smart, full timeout option + 2. Restart sssd with cleared logs and cache + 3. Wait for 40 seconds + 4. Parse logs and confirm sudo full refresh and smart refresh + timeout are not running at same time + 5. If sudo full refresh and smart refresh timeout are scheduled at + same time then smart refresh is rescheduled to the next cycle +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed +""" +tools = sssdTools(multihost.client[0]) multihost.client[0].service_sssd('stop') -params = {'ldap_sudo_full_refresh_interval': '25', - 'ldap_sudo_smart_refresh_interval': '15', - 'ldap_sudo_random_offset': '5'} -tools.sssd_conf(domain_section, params, action='delete') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,dc=example,dc=test' +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_full_refresh_interval': '10
[SSSD] [sssd PR#5792][edited] Tests: improve sssd refresh timers for sudo queries
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: edited Changed field: title Original value: """ Sssd 3162 """ ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5792][opened] Sssd 3162
URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Sssd 3162 Action: opened PR body: """ verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792 From 513f2e8e62f1cd1cb4dcefb6b7d7fc1f38dda509 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 25 Aug 2021 21:35:39 +0530 Subject: [PATCH 1/2] Test: Randomize the SUDO timeouts upon reconnection issue: #5609 bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514 --- src/tests/multihost/alltests/conftest.py | 37 src/tests/multihost/alltests/test_sudo.py | 53 +++ 2 files changed, 90 insertions(+) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 3996459632..fa97ac5d61 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -395,6 +395,43 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sudo_rule(session_multihost, request): +""" Create sudoers ldap entries """ +ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) +sudo_ou = 'ou=sudoers, %s' % ds_suffix +ds_rootdn = 'cn=Directory Manager' +ds_rootpw = 'Secret123' +ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) +try: +ldap_inst.org_unit('sudoers', ds_suffix) +except LdapException: +pytest.fail("already exist or failed to add sudo ou ") +sudo_options = ["!requiretty", "!authenticate"] +sudo_cmd = '/usr/bin/head' +sudo_user = 'foo1' +rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +try: +ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', +sudo_user, sudo_options) +except LdapException: +pytest.fail("Failed to add sudo rule %s" % rule_dn) +else: +extra_user = 'foo2' +add_extra = [(ldap.MOD_ADD, 'sudoUser', + extra_user.encode('utf-8'))] +(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra) +assert ret == 'Success' + +def del_sudo_rule(): +""" Delete sudo rule """ +rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +(_, _) = ldap_inst.del_dn(rule_dn) +(ret, _) = ldap_inst.del_dn(sudo_ou) +assert ret == 'Success' +request.addfinalizer(del_sudo_rule) + + testdata = [ [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z', 'sudoNotBefore'], diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index 9e7fa87413..9ca1441cba 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -110,3 +110,56 @@ def test_timed_sudoers_entry(self, multihost.master[0].run_command(journalctl_cmd) pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1')) ssh.close() + + +@pytest.mark.tier2 +def test_randomize_sudo_timeout(self, multihost, +backupsssdconf, sudo_rule): +""" +@Title: sudo: randomize sudo smart and full refresh timeouts +""" +tools = sssdTools(multihost.client[0]) +multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,dc=example,dc=test' +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_search_base': sudo_base, + 'ldap_uri': sudo_uri, + 'sudo_provider': "ldap", + 'ldap_sudo_full_refresh_interval': '25', + 'ldap_sudo_smart_refresh_interval': '15', + 'ldap_sudo_random_offset': '5'} +domain_section = 'domain/%s' % ds_instance_name +tools.sssd_conf(domain_section, params, action='update') +section = "sssd" +sssd_params = {'services': 'nss, pam, sudo'} +tools.sssd_conf(section, sssd_params, action='update') +multihost.client[0].service_sssd('start') +time.sleep(120) +logfile = '/var/log/sssd/sssd_%s.
[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts
URL: https://github.com/SSSD/sssd/pull/5761 Author: shridhargadekar Title: #5761: Tests: Randomize sudo refresh timeouts Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5761/head:pr5761 git checkout pr5761 From 7a7c072cec4fa76725333fe98aac09cef38a7421 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 25 Aug 2021 23:31:50 +0530 Subject: [PATCH] Tests: Randomize sudo refresh timeouts Veifies: #5609 Bugzilla: @pytest.fixture(scope='function') Signed-off-by: Shridhar Gadekar --- src/tests/multihost/alltests/conftest.py | 37 src/tests/multihost/alltests/test_sudo.py | 73 ++- 2 files changed, 109 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 3996459632..fa97ac5d61 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -395,6 +395,43 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sudo_rule(session_multihost, request): +""" Create sudoers ldap entries """ +ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) +sudo_ou = 'ou=sudoers, %s' % ds_suffix +ds_rootdn = 'cn=Directory Manager' +ds_rootpw = 'Secret123' +ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) +try: +ldap_inst.org_unit('sudoers', ds_suffix) +except LdapException: +pytest.fail("already exist or failed to add sudo ou ") +sudo_options = ["!requiretty", "!authenticate"] +sudo_cmd = '/usr/bin/head' +sudo_user = 'foo1' +rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +try: +ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', +sudo_user, sudo_options) +except LdapException: +pytest.fail("Failed to add sudo rule %s" % rule_dn) +else: +extra_user = 'foo2' +add_extra = [(ldap.MOD_ADD, 'sudoUser', + extra_user.encode('utf-8'))] +(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra) +assert ret == 'Success' + +def del_sudo_rule(): +""" Delete sudo rule """ +rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +(_, _) = ldap_inst.del_dn(rule_dn) +(ret, _) = ldap_inst.del_dn(sudo_ou) +assert ret == 'Success' +request.addfinalizer(del_sudo_rule) + + testdata = [ [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z', 'sudoNotBefore'], diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index 271d9474f8..823ac3fbfe 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -4,7 +4,7 @@ import paramiko from sssd.testlib.common.utils import SSHClient from sssd.testlib.common.utils import sssdTools -from constants import ds_instance_name +from constants import ds_instance_name, ds_suffix @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups', @@ -110,3 +110,74 @@ def test_timed_sudoers_entry(self, multihost.master[0].run_command(journalctl_cmd) pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1')) ssh.close() + +@pytest.mark.tier2 +def test_randomize_sudo_timeout(self, multihost, +backupsssdconf, sudo_rule): +""" +:title: sudo: randomize sudo refresh timeouts +:id: 57720975-29ba-4ed7-868a-f9b784bbfed2 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514 +:customerscenario: True +:steps: + 1. Edit sssdconfig and specify sssd smart, full timeout option + 2. Restart sssd with cleared logs and cache + 3. Wait for 120 seconds + 4. Parse logs and confirm sudo refresh timeouts are random +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed +""" +tools = sssdTools(multihost.client[0]) +multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,%s' % (ds_suffix) +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_search_base': sudo_base, + 'ldap_uri&
[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts
URL: https://github.com/SSSD/sssd/pull/5761 Author: shridhargadekar Title: #5761: Tests: Randomize sudo refresh timeouts Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5761/head:pr5761 git checkout pr5761 From 565f0c395f7a7df21458a8ccfdaf2595419fb8b1 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 25 Aug 2021 23:31:50 +0530 Subject: [PATCH] Tests: Randomize sudo refresh timeouts Veifies: #5609 Bugzilla: @pytest.fixture(scope='function') Signed-off-by: Shridhar Gadekar --- src/tests/multihost/alltests/conftest.py | 37 src/tests/multihost/alltests/test_sudo.py | 71 +++ 2 files changed, 108 insertions(+) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 3996459632..fa97ac5d61 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -395,6 +395,43 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sudo_rule(session_multihost, request): +""" Create sudoers ldap entries """ +ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) +sudo_ou = 'ou=sudoers, %s' % ds_suffix +ds_rootdn = 'cn=Directory Manager' +ds_rootpw = 'Secret123' +ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) +try: +ldap_inst.org_unit('sudoers', ds_suffix) +except LdapException: +pytest.fail("already exist or failed to add sudo ou ") +sudo_options = ["!requiretty", "!authenticate"] +sudo_cmd = '/usr/bin/head' +sudo_user = 'foo1' +rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +try: +ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', +sudo_user, sudo_options) +except LdapException: +pytest.fail("Failed to add sudo rule %s" % rule_dn) +else: +extra_user = 'foo2' +add_extra = [(ldap.MOD_ADD, 'sudoUser', + extra_user.encode('utf-8'))] +(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra) +assert ret == 'Success' + +def del_sudo_rule(): +""" Delete sudo rule """ +rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +(_, _) = ldap_inst.del_dn(rule_dn) +(ret, _) = ldap_inst.del_dn(sudo_ou) +assert ret == 'Success' +request.addfinalizer(del_sudo_rule) + + testdata = [ [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z', 'sudoNotBefore'], diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index 271d9474f8..f7aa81a1ba 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -110,3 +110,74 @@ def test_timed_sudoers_entry(self, multihost.master[0].run_command(journalctl_cmd) pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1')) ssh.close() + +@pytest.mark.tier2 +def test_randomize_sudo_timeout(self, multihost, +backupsssdconf, sudo_rule): +""" +:title: sudo: randomize sudo refresh timeouts +:id: 57720975-29ba-4ed7-868a-f9b784bbfed2 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514 +:customerscenario: True +:steps: + 1. edit sssdconfig and specify sssd smart, full timeout option + 2. restart sssd with cleared logs and cache + 3. wait for 120 seconds + 4. parse logs and confirm sudo refresh timeouts are random +:expectedresults: + 1. should succeed + 2. should succeed + 3. should succeed + 4. should succeed +""" +tools = sssdTools(multihost.client[0]) +multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,dc=example,dc=test' +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_search_base': sudo_base, + 'ldap_uri': sudo_uri, + 'sudo_provider': "ldap", + 'ldap_sudo_full_refresh_interval': '25', + 'ldap_sudo_smart_refresh_interval': '15', + 'ldap_sudo_random_offset': '5'} +
[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts
URL: https://github.com/SSSD/sssd/pull/5761 Author: shridhargadekar Title: #5761: Tests: Randomize sudo refresh timeouts Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5761/head:pr5761 git checkout pr5761 From 2386b5fab19a28eb5488006e53a6957a36db71fd Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 25 Aug 2021 23:31:50 +0530 Subject: [PATCH] Tests: Randomize sudo refresh timeouts Veifies: #5609 Bugzilla: @pytest.fixture(scope='function') Signed-off-by: Shridhar Gadekar --- src/tests/multihost/alltests/conftest.py | 37 src/tests/multihost/alltests/test_sudo.py | 71 +++ 2 files changed, 108 insertions(+) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 3996459632..fa97ac5d61 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -395,6 +395,43 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sudo_rule(session_multihost, request): +""" Create sudoers ldap entries """ +ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) +sudo_ou = 'ou=sudoers, %s' % ds_suffix +ds_rootdn = 'cn=Directory Manager' +ds_rootpw = 'Secret123' +ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) +try: +ldap_inst.org_unit('sudoers', ds_suffix) +except LdapException: +pytest.fail("already exist or failed to add sudo ou ") +sudo_options = ["!requiretty", "!authenticate"] +sudo_cmd = '/usr/bin/head' +sudo_user = 'foo1' +rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +try: +ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', +sudo_user, sudo_options) +except LdapException: +pytest.fail("Failed to add sudo rule %s" % rule_dn) +else: +extra_user = 'foo2' +add_extra = [(ldap.MOD_ADD, 'sudoUser', + extra_user.encode('utf-8'))] +(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra) +assert ret == 'Success' + +def del_sudo_rule(): +""" Delete sudo rule """ +rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +(_, _) = ldap_inst.del_dn(rule_dn) +(ret, _) = ldap_inst.del_dn(sudo_ou) +assert ret == 'Success' +request.addfinalizer(del_sudo_rule) + + testdata = [ [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z', 'sudoNotBefore'], diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index 271d9474f8..65ba2f11b7 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -110,3 +110,74 @@ def test_timed_sudoers_entry(self, multihost.master[0].run_command(journalctl_cmd) pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1')) ssh.close() + +@pytest.mark.tier2 +def test_randomize_sudo_timeout(self, multihost, +backupsssdconf, sudo_rule): +""" +:title: sudo: randomize sudo refresh timeouts +:id: 57720975-29ba-4ed7-868a-f9b784bbfed2 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514 +:customerscenario: True +:steps: + 1. edit sssdconfig and specify sssd smart, full timeout option + 2. restart sssd with cleared logs and cache + 3. wait for 90 seconds + 4. parse logs and confirm sudo refresh timeouts are random +:expectedresults: + 1. should succeed + 2. should succeed + 3. should succeed + 4. should succeed +""" +tools = sssdTools(multihost.client[0]) +multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,dc=example,dc=test' +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_search_base': sudo_base, + 'ldap_uri': sudo_uri, + 'sudo_provider': "ldap", + 'ldap_sudo_full_refresh_interval': '25', + 'ldap_sudo_smart_refresh_interval': '15', + 'ldap_sudo_random_offset': '5'} +
[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts
URL: https://github.com/SSSD/sssd/pull/5761 Author: shridhargadekar Title: #5761: Tests: Randomize sudo refresh timeouts Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5761/head:pr5761 git checkout pr5761 From 82b65ba5352bcd661a08a3e55355c31f189ff5ec Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 25 Aug 2021 23:31:50 +0530 Subject: [PATCH] Tests: Randomize sudo refresh timeouts Veifies: #5609 Bugzilla: @pytest.fixture(scope='function') Signed-off-by: Shridhar Gadekar --- src/tests/multihost/alltests/conftest.py | 37 src/tests/multihost/alltests/test_sudo.py | 71 +++ 2 files changed, 108 insertions(+) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 3996459632..fa97ac5d61 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -395,6 +395,43 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sudo_rule(session_multihost, request): +""" Create sudoers ldap entries """ +ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) +sudo_ou = 'ou=sudoers, %s' % ds_suffix +ds_rootdn = 'cn=Directory Manager' +ds_rootpw = 'Secret123' +ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) +try: +ldap_inst.org_unit('sudoers', ds_suffix) +except LdapException: +pytest.fail("already exist or failed to add sudo ou ") +sudo_options = ["!requiretty", "!authenticate"] +sudo_cmd = '/usr/bin/head' +sudo_user = 'foo1' +rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +try: +ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', +sudo_user, sudo_options) +except LdapException: +pytest.fail("Failed to add sudo rule %s" % rule_dn) +else: +extra_user = 'foo2' +add_extra = [(ldap.MOD_ADD, 'sudoUser', + extra_user.encode('utf-8'))] +(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra) +assert ret == 'Success' + +def del_sudo_rule(): +""" Delete sudo rule """ +rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +(_, _) = ldap_inst.del_dn(rule_dn) +(ret, _) = ldap_inst.del_dn(sudo_ou) +assert ret == 'Success' +request.addfinalizer(del_sudo_rule) + + testdata = [ [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z', 'sudoNotBefore'], diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index 271d9474f8..3e6d709313 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -110,3 +110,74 @@ def test_timed_sudoers_entry(self, multihost.master[0].run_command(journalctl_cmd) pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1')) ssh.close() + +@pytest.mark.tier2 +def test_randomize_sudo_timeout(self, multihost, +backupsssdconf, sudo_rule): +""" +:title: sudo: randomize sudo refresh timeouts +:id: 57720975-29ba-4ed7-868a-f9b784bbfed2 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514 +:customerscenario: True +:steps: + 1. edit sssdconfig and specify sssd smart, full timeout option + 2. restart sssd with cleared logs and cache + 3. wait for 90 seconds + 4. parse logs and confirm sudo refresh timeouts are random +:expectedresults: + 1. should succeed + 2. should succeed + 3. should succeed + 4. should succeed +""" +tools = sssdTools(multihost.client[0]) +multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,dc=example,dc=test' +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_search_base': sudo_base, + 'ldap_uri': sudo_uri, + 'sudo_provider': "ldap", + 'ldap_sudo_full_refresh_interval': '25', + 'ldap_sudo_smart_refresh_interval': '15', + 'ldap_sudo_random_offset': '5'} +
[SSSD] [sssd PR#5761][+Tests] Tests: Randomize sudo refresh timeouts
URL: https://github.com/SSSD/sssd/pull/5761 Title: #5761: Tests: Randomize sudo refresh timeouts Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5761][+Waiting for review] Tests: Randomize sudo refresh timeouts
URL: https://github.com/SSSD/sssd/pull/5761 Title: #5761: Tests: Randomize sudo refresh timeouts Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5761][+RFE] Tests: Randomize sudo refresh timeouts
URL: https://github.com/SSSD/sssd/pull/5761 Title: #5761: Tests: Randomize sudo refresh timeouts Label: +RFE ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5761][synchronized] Tests: Randomize sudo refresh timeouts
URL: https://github.com/SSSD/sssd/pull/5761 Author: shridhargadekar Title: #5761: Tests: Randomize sudo refresh timeouts Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5761/head:pr5761 git checkout pr5761 From 079d82e96f9791a61ee485845ea20fa9093b035d Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 25 Aug 2021 23:31:50 +0530 Subject: [PATCH] Tests: Randomize sudo refresh timeouts Veifies: #5609 Bugzilla: @pytest.fixture(scope='function') Signed-off-by: Shridhar Gadekar --- src/tests/multihost/alltests/conftest.py | 37 src/tests/multihost/alltests/test_sudo.py | 72 +++ 2 files changed, 109 insertions(+) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 3996459632..fa97ac5d61 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -395,6 +395,43 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sudo_rule(session_multihost, request): +""" Create sudoers ldap entries """ +ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) +sudo_ou = 'ou=sudoers, %s' % ds_suffix +ds_rootdn = 'cn=Directory Manager' +ds_rootpw = 'Secret123' +ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) +try: +ldap_inst.org_unit('sudoers', ds_suffix) +except LdapException: +pytest.fail("already exist or failed to add sudo ou ") +sudo_options = ["!requiretty", "!authenticate"] +sudo_cmd = '/usr/bin/head' +sudo_user = 'foo1' +rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +try: +ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', +sudo_user, sudo_options) +except LdapException: +pytest.fail("Failed to add sudo rule %s" % rule_dn) +else: +extra_user = 'foo2' +add_extra = [(ldap.MOD_ADD, 'sudoUser', + extra_user.encode('utf-8'))] +(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra) +assert ret == 'Success' + +def del_sudo_rule(): +""" Delete sudo rule """ +rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +(_, _) = ldap_inst.del_dn(rule_dn) +(ret, _) = ldap_inst.del_dn(sudo_ou) +assert ret == 'Success' +request.addfinalizer(del_sudo_rule) + + testdata = [ [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z', 'sudoNotBefore'], diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index 271d9474f8..fcd3f3bdd6 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -110,3 +110,75 @@ def test_timed_sudoers_entry(self, multihost.master[0].run_command(journalctl_cmd) pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1')) ssh.close() + + +@pytest.mark.tier2 +def test_randomize_sudo_timeout(self, multihost, +backupsssdconf, sudo_rule): +""" +:title: sudo: randomize sudo refresh timeouts +:id: 57720975-29ba-4ed7-868a-f9b784bbfed2 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514 +:customerscenario: True +:steps: + 1. edit sssdconfig and specify sssd smart, full timeout option + 2. restart sssd with cleared logs and cache + 3. wait for 90 seconds + 4. parse logs and confirm sudo refresh timeouts are random +:expectedresults: + 1. should succeed + 2. should succeed + 3. should succeed + 4. should succeed +""" +tools = sssdTools(multihost.client[0]) +multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,dc=example,dc=test' +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_search_base': sudo_base, + 'ldap_uri': sudo_uri, + 'sudo_provider': "ldap", + 'ldap_sudo_full_refresh_interval': '25', + 'ldap_sudo_smart_refresh_interval': '15', + 'ldap_sudo_random_offset': '5'} +
[SSSD] [sssd PR#5761][opened] Tests: Randomize sudo refresh timeouts
URL: https://github.com/SSSD/sssd/pull/5761 Author: shridhargadekar Title: #5761: Tests: Randomize sudo refresh timeouts Action: opened PR body: """ Randomize smart and full sudo refresh timeouts after reconnection Veifies: #5609 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514 Signed-off-by: Shridhar Gadekar """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5761/head:pr5761 git checkout pr5761 From 6fc0e37c366f459bbfccc1a0c02693d7a5f0d5bf Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 25 Aug 2021 23:31:50 +0530 Subject: [PATCH] Tests: Randomize sudo refresh timeouts Veifies: #5609 Bugzilla: @pytest.fixture(scope='function') Signed-off-by: Shridhar Gadekar --- src/tests/multihost/alltests/conftest.py | 37 + src/tests/multihost/alltests/test_sudo.py | 66 +++ 2 files changed, 103 insertions(+) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 3996459632..fa97ac5d61 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -395,6 +395,43 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sudo_rule(session_multihost, request): +""" Create sudoers ldap entries """ +ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) +sudo_ou = 'ou=sudoers, %s' % ds_suffix +ds_rootdn = 'cn=Directory Manager' +ds_rootpw = 'Secret123' +ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) +try: +ldap_inst.org_unit('sudoers', ds_suffix) +except LdapException: +pytest.fail("already exist or failed to add sudo ou ") +sudo_options = ["!requiretty", "!authenticate"] +sudo_cmd = '/usr/bin/head' +sudo_user = 'foo1' +rule_dn = "cn=%s, %s" % (sudo_cmd, sudo_ou) +try: +ldap_inst.add_sudo_rule(rule_dn, 'ALL', '/usr/bin/head', +sudo_user, sudo_options) +except LdapException: +pytest.fail("Failed to add sudo rule %s" % rule_dn) +else: +extra_user = 'foo2' +add_extra = [(ldap.MOD_ADD, 'sudoUser', + extra_user.encode('utf-8'))] +(ret, _) = ldap_inst.modify_ldap(rule_dn, add_extra) +assert ret == 'Success' + +def del_sudo_rule(): +""" Delete sudo rule """ +rule_dn = 'cn=%s,%s' % (sudo_cmd, sudo_ou) +(_, _) = ldap_inst.del_dn(rule_dn) +(ret, _) = ldap_inst.del_dn(sudo_ou) +assert ret == 'Success' +request.addfinalizer(del_sudo_rule) + + testdata = [ [(datetime.today() - timedelta(days=1)).strftime('%Y%m%d%H') + 'Z', 'sudoNotBefore'], diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index 271d9474f8..3dcc4e129d 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -110,3 +110,69 @@ def test_timed_sudoers_entry(self, multihost.master[0].run_command(journalctl_cmd) pytest.fail("%s cmd failed for user %s" % ('sudo -l', 'foo1')) ssh.close() + + +@pytest.mark.tier2 +def test_randomize_sudo_timeout(self, multihost, +backupsssdconf, sudo_rule): +""" +:title: sudo: randomize sudo refresh timeouts +:id: 57720975-29ba-4ed7-868a-f9b784bbfed2 +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925514 +:customerscenario: True +:steps: + 1. edit sssdconfig and specify sssd smart, full timeout option + 2. restart sssd with cleared logs and cache + 3. wait for 90 seconds + 4. parse logs and confirm sudo refresh timeouts are random +:expectedresults: + 1. should succeed + 2. should succeed + 3. should succeed + 4. should succeed +""" +tools = sssdTools(multihost.client[0]) +multihost.client[0].service_sssd('stop') +tools.remove_sss_cache('/var/lib/sss/db') +tools.remove_sss_cache('/var/log/sssd') +sudo_base = 'ou=sudoers,dc=example,dc=test' +sudo_uri = "ldap://%s"; % multihost.master[0].sys_hostname +params = {'ldap_sudo_search_base': sudo_base, + 'ldap_uri': sudo_uri, + 'sudo_provider': "ldap", +
[SSSD] [sssd PR#5711][+Accepted] SSSD is generating lot of LDAP queries in a very large environment
URL: https://github.com/SSSD/sssd/pull/5711 Title: #5711: SSSD is generating lot of LDAP queries in a very large environment Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5711][comment] SSSD is generating lot of LDAP queries in a very large environment
URL: https://github.com/SSSD/sssd/pull/5711 Title: #5711: SSSD is generating lot of LDAP queries in a very large environment shridhargadekar commented: """ looks good. """ See the full comment at https://github.com/SSSD/sssd/pull/5711#issuecomment-880602017 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5681][comment] Test: sudo rule with runAS set to short-username value
URL: https://github.com/SSSD/sssd/pull/5681 Title: #5681: Test: sudo rule with runAS set to short-username value shridhargadekar commented: """ https://ci-jenkins-csb-idm.apps.ocp4.prod.psi.redhat.com/blue/organizations/jenkins/trigger-test-suite-tool/detail/trigger-test-suite-tool/464/pipeline/63 @aborah-sudo this passed """ See the full comment at https://github.com/SSSD/sssd/pull/5681#issuecomment-871171579 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5681][comment] Test: sudo rule with runAS set to short-username value
URL: https://github.com/SSSD/sssd/pull/5681 Title: #5681: Test: sudo rule with runAS set to short-username value shridhargadekar commented: """ @aborah-sudo any update on this? """ See the full comment at https://github.com/SSSD/sssd/pull/5681#issuecomment-867039268 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5681][opened] Test: sudo rule with runAS set to short-username value
URL: https://github.com/SSSD/sssd/pull/5681 Author: shridhargadekar Title: #5681: Test: sudo rule with runAS set to short-username value Action: opened PR body: """ In the AD-server, a sudo rule containing sudoRunAs attribute to a short-username should not generate error in the sssd log. https://bugzilla.redhat.com/show_bug.cgi?id=1910131 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5681/head:pr5681 git checkout pr5681 From 443180e0dfb4f534c6032dd8557e8d887b498a1b Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Fri, 11 Jun 2021 14:25:37 +0530 Subject: [PATCH] Test: sudo rule with runAS set to short-username value sudo rule containing sudoRunAs attribute to a short-username should not generate error in the sssd log. --- src/tests/multihost/ad/conftest.py | 19 +- src/tests/multihost/ad/test_sudo.py | 56 + 2 files changed, 74 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/ad/conftest.py b/src/tests/multihost/ad/conftest.py index ce8856e396..d3b67b305e 100644 --- a/src/tests/multihost/ad/conftest.py +++ b/src/tests/multihost/ad/conftest.py @@ -481,6 +481,9 @@ def create_ad_sudousers(session_multihost, request): ad_group1 = 'sudo_groupx' ad.create_ad_nonposix_group(ad_group1) ad.add_user_member_of_group(ad_group1, ad_user1) +ad_user_a = 'sudo_usera' +ad_group_a = 'sudo_groupa' +ad.create_ad_unix_user_group(ad_user_a, ad_group_a) def remove_ad_sudousers(): """ Remove AD sudo users and groups """ @@ -489,7 +492,8 @@ def remove_ad_sudousers(): ad_group = 'sudo_idmgroup%d' % idx ad.delete_ad_user_group(ad_group) ad.delete_ad_user_group(ad_user) -for object in [ad_group1, ad_group2, ad_user1]: +usrgrp = [ad_user1, ad_group1, ad_group2, ad_user_a, ad_group_a] +for object in usrgrp: ad.delete_ad_user_group(object) request.addfinalizer(remove_ad_sudousers) @@ -546,9 +550,22 @@ def sudorules(session_multihost, request): user.encode('utf-8'))] (ret, _) = win_ldap.modify_ldap(rule_dn, extra_sudo_user) assert ret == 'Success' +rule1_dn = 'cn=head_rule1,%s' % (sudo_ou) +sudo_identity = 'sudo_usera' +sudo_options = ["!requiretty", "!authenticate"] +win_ldap.add_sudo_rule(rule1_dn, 'ALL', sudo_cmd, + sudo_identity, sudo_options) +user1 = 'sudo_idmuser1' +extra_sudo_user = [(ldap.MOD_ADD, 'sudoRunAs', +user1.encode('utf-8'))] +(ret, _) = win_ldap.modify_ldap(rule1_dn, extra_sudo_user) +assert ret == 'Success' + def delete_sudorule(): """ Delete sudo rule """ +(ret, _) = win_ldap.del_dn(rule1_dn) +assert ret == 'Success' for item in ['user', 'group']: for idx in range(1, 10): rule_dn = 'cn=less_%s_rule%d,%s' % (item, idx, sudo_ou) diff --git a/src/tests/multihost/ad/test_sudo.py b/src/tests/multihost/ad/test_sudo.py index 26125dbc77..7d090ddc99 100644 --- a/src/tests/multihost/ad/test_sudo.py +++ b/src/tests/multihost/ad/test_sudo.py @@ -8,6 +8,7 @@ import pytest import paramiko import time +import re from sssd.testlib.common.utils import SSHClient from sssd.testlib.common.utils import sssdTools @@ -161,6 +162,61 @@ def test_003_support_non_posix_group_in_sudorule(self, multihost): client.sssd_conf(domain_section, params, action='delete') assert '/usr/bin/head\n' in result +def test_004_sudorule_with_short_username(self, multihost): +""" +:title: sssd should accept a short-username to sudoRunAs option +:id:61b1abf2-310b-4cdf-8238-b32d235df9a9 +:customerscenario: True +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1910131 +:setup: +1. Add sudo rules with sudoRunAs attribute value set to short-username +2. Join a client, without fqdn, to the AD +3. Set debug level to 2 + +:steps: + 1.Run sudo command as AD-user for whom rule is created +:expectedResuls: +1. There should be no error in the sudo or domain log related + to 'short-username or non-fqdn username' +""" +client = sssdTools(multihost.client[0], multihost.ad[0]) +domain_name = client.get_domain_section_name() +domain_section = 'domain/%s' % (domain_name) +params = { +'debug_level': '2'} +client.sssd_conf(domain_section, params) +client.sssd
[SSSD] [sssd PR#5639][+Accepted] TEST: Fixes after running new tests downstream
URL: https://github.com/SSSD/sssd/pull/5639 Title: #5639: TEST: Fixes after running new tests downstream Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5639][-Waiting for review] TEST: Fixes after running new tests downstream
URL: https://github.com/SSSD/sssd/pull/5639 Title: #5639: TEST: Fixes after running new tests downstream Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5639][comment] TEST: Fixes after running new tests downstream
URL: https://github.com/SSSD/sssd/pull/5639 Title: #5639: TEST: Fixes after running new tests downstream shridhargadekar commented: """ Look good. """ See the full comment at https://github.com/SSSD/sssd/pull/5639#issuecomment-845918847 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5612][-Changes requested] test: minor change in test doc string
URL: https://github.com/SSSD/sssd/pull/5612 Title: #5612: test: minor change in test doc string Label: -Changes requested ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5591][comment] Tests: Regression part of bash to pytest of shadow utils
URL: https://github.com/SSSD/sssd/pull/5591 Title: #5591: Tests: Regression part of bash to pytest of shadow utils shridhargadekar commented: """ modified changes look fine. """ See the full comment at https://github.com/SSSD/sssd/pull/5591#issuecomment-828347036 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5612][synchronized] test: minor change in test doc string
URL: https://github.com/SSSD/sssd/pull/5612 Author: shridhargadekar Title: #5612: test: minor change in test doc string Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5612/head:pr5612 git checkout pr5612 From 21c91f6d214c8446778c6f6fb220569ed9d1681d Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 27 Apr 2021 22:27:07 +0530 Subject: [PATCH] test: minor change in test doc string adding test id in the doc string --- src/tests/multihost/alltests/test_automount.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 44b9a98b1b..e706537527 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -352,10 +352,10 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, @pytest.mark.tier2 def test_009_maps_after_coming_online(self, multihost, add_nisobject): """ -:title: IDM-SSSD-TC: ldap-Provider Automount: Without eisting cache - when sssd comes to online state from offline, autofs maps are fetched - without a restart +:title: fetch autofs map after coming online from offline +:id: b9da6e0e-3d8b-4465-b435-338708d0d51e :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1113639 +:customerscenario: True :setup: 1. edit sssd.conf and specify autofs_provider = ad ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5612][+Waiting for review] test: minor change in test doc string
URL: https://github.com/SSSD/sssd/pull/5612 Title: #5612: test: minor change in test doc string Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5612][opened] test: minor change in test doc string
URL: https://github.com/SSSD/sssd/pull/5612 Author: shridhargadekar Title: #5612: test: minor change in test doc string Action: opened PR body: """ adding test id in the doc string """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5612/head:pr5612 git checkout pr5612 From cbea68a39d6fbbd23f68cc99be62bc667d0e0895 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 27 Apr 2021 22:27:07 +0530 Subject: [PATCH] test: minor change in test doc string adding test id in the doc string --- src/tests/multihost/alltests/test_automount.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 44b9a98b1b..51f1846f1c 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -355,6 +355,7 @@ def test_009_maps_after_coming_online(self, multihost, add_nisobject): :title: IDM-SSSD-TC: ldap-Provider Automount: Without eisting cache when sssd comes to online state from offline, autofs maps are fetched without a restart +:id: 5166e9b8-1ed9-445a-a927-24bc16db6281 :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1113639 :setup: ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5606][-Waiting for review] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5606 Title: #5606: Tests: alltests: fetch autofs maps after coming online Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5478][comment] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Title: #5478: Tests: alltests: fetch autofs maps after coming online shridhargadekar commented: """ new PR is raised """ See the full comment at https://github.com/SSSD/sssd/pull/5478#issuecomment-827062915 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5478][closed] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5606][+Tests] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5606 Title: #5606: Tests: alltests: fetch autofs maps after coming online Label: +Tests ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5606][opened] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5606 Author: shridhargadekar Title: #5606: Tests: alltests: fetch autofs maps after coming online Action: opened PR body: """ SSSD should fetch autofs maps from server when coming online from offline state, without existing cache. SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. #Verifies: Issues: #3413 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1113639 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5606/head:pr5606 git checkout pr5606 From 19f3e3cc26346b60d9db3c859c75bda9d02859dc Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 27 Apr 2021 00:06:36 +0530 Subject: [PATCH] Tests: alltests: fetch autofs maps after coming online SSSD should fetch autofs maps from server when coming online from offline state, without existing cache. --- .../multihost/alltests/test_automount.py | 57 ++ .../multihost/sssd/testlib/common/utils.py| 76 +++ 2 files changed, 133 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 414c009b9c..5509fecb75 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -348,3 +348,60 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.tier2 +def test_009_maps_after_coming_online(self, multihost, add_nisobject): +""" +:title: IDM-SSSD-TC: ldap-Provider Automount: Without eisting cache + when sssd comes to online state from offline, autofs maps are fetched + without a restart +:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1113639 + +:setup: + 1. edit sssd.conf and specify autofs_provider = ad + 2. restart autofs + +:steps: + 1. firewalld block 389 and 636 + 2. stop sssd, autofs. + 3. remove sssd cache + 4. Start sssd + 5. remove firewall rule + 6. start autofs + +:expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed + 6. Should succeed +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +for service in ['sssd', 'autofs']: +client.service_ctrl("stop", service) +client.service_ctrl("start", "firewalld") +client.firewall_port(636, 'BLOCK') +client.firewall_port(389, 'BLOCK') +client.firewall_port('ALL', 'allowall') +client.clear_sssd_cache() +time.sleep(5) +cmdy = 'id foo1@%s' % domain_name +multihost.client[0].run_command(cmdy, raiseonerr=False) +cmd = 'sssctl domain-status %s' % domain_name +cmd1 = multihost.client[0].run_command(cmd, raiseonerr=False) +find = re.compile(r'Online status: Offline') +result = find.search(cmd1.stdout_text) +assert result is not None +cmdz = cmd1.stdout_text +client.firewall_port(636, 'OPEN') +client.firewall_port(389, 'OPEN') +client.firewall_port('ALL', 'delall') +client.service_ctrl("stop", "firewalld") +time.sleep(60) +cmd2 = client.service_ctrl("start", "autofs") +cmd = 'dnf remove -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +assert cmd2 == 0 diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index e9dba35845..a230525a45 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -138,6 +138,82 @@ def update_etc_hosts(self, ip_addr, hostname): contents = "\n" + hostentry + contents.replace(hostentry, '') self.multihost.put_file_contents('/etc/hosts', contents) +def firewall_port(self, port, action): +""" open or block ports via firewalld +:param int port_num: port number to open or block +:param str action: action to perform on port, action could be +'block', 'open', 'allowall', 'delall' +:port o
[SSSD] [sssd PR#5606][+Waiting for review] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5606 Title: #5606: Tests: alltests: fetch autofs maps after coming online Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5565][+Accepted] Tests: Tests if shadow-utils are immune against bugs in 2006:0032
URL: https://github.com/SSSD/sssd/pull/5565 Title: #5565: Tests: Tests if shadow-utils are immune against bugs in 2006:0032 Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5565][-Waiting for review] Tests: Tests if shadow-utils are immune against bugs in 2006:0032
URL: https://github.com/SSSD/sssd/pull/5565 Title: #5565: Tests: Tests if shadow-utils are immune against bugs in 2006:0032 Label: -Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5565][comment] Tests: Tests if shadow-utils are immune against bugs in 2006:0032
URL: https://github.com/SSSD/sssd/pull/5565 Title: #5565: Tests: Tests if shadow-utils are immune against bugs in 2006:0032 shridhargadekar commented: """ There are three testcases in original script. Segregate them accordingly. Rest lgtm. """ See the full comment at https://github.com/SSSD/sssd/pull/5565#issuecomment-816604767 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5565][comment] Tests: Tests if shadow-utils are immune against bugs in 2006:0032
URL: https://github.com/SSSD/sssd/pull/5565 Title: #5565: Tests: Tests if shadow-utils are immune against bugs in 2006:0032 shridhargadekar commented: """ Could you rewrite the 'grep and pipe' part in more pythonic way? 're' module could be used for parsing. """ See the full comment at https://github.com/SSSD/sssd/pull/5565#issuecomment-815595535 ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 From f11f3a6a996b9215884911236ae18968f8fbc649 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Thu, 28 Jan 2021 19:12:02 +0530 Subject: [PATCH] fetch autofs maps after coming online SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. --- .../multihost/alltests/test_automount.py | 70 +++ 1 file changed, 70 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 33ed6b1563..09afcc98a4 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -342,3 +342,73 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1_2 +def test_009_fetch_maps_coming_online_from_offline(self, multihost, + add_nisobject): +""" +:title: fetch autofs map after coming online from offline +:id: b9da6e0e-3d8b-4465-b435-338708d0d51e +:bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=1113639 +:customerscenario: True +:steps: + 1. firewall block 389 and 636 + 2. stop sssd, autofs. + 3. remove sssd cache + 4. edit and specify autofs_provider + 5. Start sssd + 6. remove firewall rule + 7. start autofs +:expectedresults: + 1. port 389 and 636 should not allow any traffic + 2. sssd and autofs services should stop + 3. sssd cache should be deleted successfully + 4. edit should be successfully loaded in sssd.conf + 5. sssd should come online within 60 seconds + 6. port 389 and 636 should allow traffic through them + 7. autofs should start successfully +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +for service in ['sssd', 'autofs']: +client.service_ctrl("stop", service) +cmd = 'dnf install -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +client.service_ctrl("start", "firewalld") +fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_add0, raiseonerr=True) +multihost.client[0].run_command(fw_add1, raiseonerr=True) +multihost.client[0].run_command(fw_add2, raiseonerr=True) +fw_rld = 'firewall-cmd --reload' +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.clear_sssd_cache() +time.sleep(5) +cmd = 'sssctl domain-status %s' % domain_name +multihost.client[0].run_command(cmd, raiseonerr=True) +find = re.compile(r'Online status: Offline') +result = find.search(cmd.stdout_text) +assert result is not None +fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_r0, raiseonerr=True) +multihost.client[0].run_command(fw_r1, raiseonerr=True) +multihost.client[0].run_command(fw_r2, raiseonerr=True) +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.service_ctrl("stop", "firewalld") +time.sleep(60) +client.service_ctrl("start", "autofs") +cmd =
[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 From f11f3a6a996b9215884911236ae18968f8fbc649 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Thu, 28 Jan 2021 19:12:02 +0530 Subject: [PATCH] fetch autofs maps after coming online SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. --- .../multihost/alltests/test_automount.py | 70 +++ 1 file changed, 70 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 33ed6b1563..09afcc98a4 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -342,3 +342,73 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1_2 +def test_009_fetch_maps_coming_online_from_offline(self, multihost, + add_nisobject): +""" +:title: fetch autofs map after coming online from offline +:id: b9da6e0e-3d8b-4465-b435-338708d0d51e +:bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=1113639 +:customerscenario: True +:steps: + 1. firewall block 389 and 636 + 2. stop sssd, autofs. + 3. remove sssd cache + 4. edit and specify autofs_provider + 5. Start sssd + 6. remove firewall rule + 7. start autofs +:expectedresults: + 1. port 389 and 636 should not allow any traffic + 2. sssd and autofs services should stop + 3. sssd cache should be deleted successfully + 4. edit should be successfully loaded in sssd.conf + 5. sssd should come online within 60 seconds + 6. port 389 and 636 should allow traffic through them + 7. autofs should start successfully +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +for service in ['sssd', 'autofs']: +client.service_ctrl("stop", service) +cmd = 'dnf install -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +client.service_ctrl("start", "firewalld") +fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_add0, raiseonerr=True) +multihost.client[0].run_command(fw_add1, raiseonerr=True) +multihost.client[0].run_command(fw_add2, raiseonerr=True) +fw_rld = 'firewall-cmd --reload' +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.clear_sssd_cache() +time.sleep(5) +cmd = 'sssctl domain-status %s' % domain_name +multihost.client[0].run_command(cmd, raiseonerr=True) +find = re.compile(r'Online status: Offline') +result = find.search(cmd.stdout_text) +assert result is not None +fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_r0, raiseonerr=True) +multihost.client[0].run_command(fw_r1, raiseonerr=True) +multihost.client[0].run_command(fw_r2, raiseonerr=True) +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.service_ctrl("stop", "firewalld") +time.sleep(60) +client.service_ctrl("start", "autofs") +cmd =
[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 From 0fde387e5e811d4804e7a74b77feaa14ddedf833 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Thu, 28 Jan 2021 19:12:02 +0530 Subject: [PATCH] fetch autofs maps after coming online SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. --- .../multihost/alltests/test_automount.py | 69 +++ 1 file changed, 69 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 33ed6b1563..13fa26f510 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -342,3 +342,72 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1_2 +def test_009_fetch_maps_coming_online_from_offline(self, multihost, + add_nisobject): +""" +:title: fetch autofs map after coming online from offline +:id: b9da6e0e-3d8b-4465-b435-338708d0d51e +:bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=1113639 +:steps: + 1. firewall block 389 and 636 + 2. stop sssd, autofs. + 3. remove sssd cache + 4. edit and specify autofs_provider + 5. Start sssd + 6. remove firewall rule + 7. start autofs +:expectedresults: + 1. port 389 and 636 should not allow any traffic + 2. sssd and autofs services should stop + 3. sssd cache should be deleted successfully + 4. edit should be successfully loaded in sssd.conf + 5. sssd should come online within 60 seconds + 6. port 389 and 636 should allow traffic through them + 7. autofs should start successfully +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +for service in ['sssd', 'autofs']: +client.service_ctrl("stop", service) +cmd = 'dnf install -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +client.service_ctrl("start", "firewalld") +fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_add0, raiseonerr=True) +multihost.client[0].run_command(fw_add1, raiseonerr=True) +multihost.client[0].run_command(fw_add2, raiseonerr=True) +fw_rld = 'firewall-cmd --reload' +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.clear_sssd_cache() +time.sleep(5) +cmd = 'sssctl domain-status %s' % domain_name +multihost.client[0].run_command(cmd, raiseonerr=True) +find = re.compile(r'Online status: Offline') +result = find.search(cmd.stdout_text) +assert result is not None +fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_r0, raiseonerr=True) +multihost.client[0].run_command(fw_r1, raiseonerr=True) +multihost.client[0].run_command(fw_r2, raiseonerr=True) +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.service_ctrl("stop", "firewalld") +time.sleep(60) +client.service_ctrl("start", "autofs") +cmd = 'dnf remove -y firewalld
[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 From 7c3f756dff60a3c6c16e27fe23fd4b85c535c66b Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Thu, 28 Jan 2021 19:12:02 +0530 Subject: [PATCH] fetch autofs maps after coming online SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. --- .../multihost/alltests/test_automount.py | 70 +++ 1 file changed, 70 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 33ed6b1563..fb85e3ed9c 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -342,3 +342,73 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1_2 +def test_009_fetch_maps_coming_online_from_offline(self, multihost, + add_nisobject): +""" +:title: fetch autofs map after coming online from offline +:id: b9da6e0e-3d8b-4465-b435-338708d0d51e +:bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=1113639 +:setup: + 1. edit sssd.conf and specify autofs_provider + 2. Install and configure firewall +:steps: + 1. firewall block 389 and 636 + 2. stop sssd, autofs. + 3. remove sssd cache + 4. Start sssd + 5. remove firewall rule + 6. start autofs +:expectedresults: + 1. port 389 and 636 should not allow any traffic + 2. sssd and autofs services should stop + 3. sssd cache should be deleted successfully + 4. sssd should come online within 60 seconds + 5. port 389 and 636 should allow traffic through them + 6. autofs should start successfully +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +for service in ['sssd', 'autofs']: +client.service_ctrl("stop", service) +cmd = 'dnf install -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +client.service_ctrl("start", "firewalld") +fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_add0, raiseonerr=True) +multihost.client[0].run_command(fw_add1, raiseonerr=True) +multihost.client[0].run_command(fw_add2, raiseonerr=True) +fw_rld = 'firewall-cmd --reload' +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.clear_sssd_cache() +time.sleep(5) +cmd = 'sssctl domain-status %s' % domain_name +multihost.client[0].run_command(cmd, raiseonerr=True) +find = re.compile(r'Online status: Offline') +result = find.search(cmd.stdout_text) +assert result is not None +fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_r0, raiseonerr=True) +multihost.client[0].run_command(fw_r1, raiseonerr=True) +multihost.client[0].run_command(fw_r2, raiseonerr=True) +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.service_ctrl("stop", "firewalld") +time.sleep(60) +client.service_ctrl("start", "autofs") +cmd = 'd
[SSSD] [sssd PR#5527][+Accepted] TEST: missing multihost in service_ctrl
URL: https://github.com/SSSD/sssd/pull/5527 Title: #5527: TEST: missing multihost in service_ctrl Label: +Accepted ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 From 1d36adf38098aed464ea7b7e0dbc4c2ce103c97c Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Thu, 28 Jan 2021 19:12:02 +0530 Subject: [PATCH] fetch autofs maps after coming online SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. --- .../multihost/alltests/test_automount.py | 71 +++ 1 file changed, 71 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 33ed6b1563..bdcc156647 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -342,3 +342,74 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1_2 +def test_009_fetch_maps_coming_online_from_offline(self, multihost, + add_nisobject): +""" +:title: fetch autofs map after coming online from offline +:id: b9da6e0e-3d8b-4465-b435-338708d0d51e +:bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=1113639 +:setup: + 1. edit sssd.conf and specify autofs_provider + 2. Install and configure firewall +:steps: + 1. firewall block 389 and 636 + 2. stop sssd, autofs. + 3. remove sssd cache + 4. Start sssd + 5. remove firewall rule + 6. start autofs +:expectedresults: + 1. port 389 and 636 should not allow any traffic + 2. sssd and autofs services should stop + 3. sssd cache should be deleted successfully + 4. sssd should come online within 60 seconds + 5. port 389 and 636 should allow traffic through them + 6. autofs should start successfully +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +for service in ['sssd', 'autofs']: +client.service_ctrl("stop", service) +client.clear_sssd_cache() +cmd = 'dnf install -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +client.service_ctrl("start", "firewalld") +fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_add0, raiseonerr=True) +multihost.client[0].run_command(fw_add1, raiseonerr=True) +multihost.client[0].run_command(fw_add2, raiseonerr=True) +fw_rld = 'firewall-cmd --reload' +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.service_ctrl("start", "sssd") +time.sleep(5) +cmd = 'sssctl domain-status %s' % domain_name +multihost.client[0].run_command(cmd, raiseonerr=True) +find = re.compile(r'Online status: Offline') +result = find.search(cmd.stdout_text) +assert result is not None +fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_r0, raiseonerr=True) +multihost.client[0].run_command(fw_r1, raiseonerr=True) +multihost.client[0].run_command(fw_r2, raiseonerr=True) +multihost.client[0].run_command(fw_rld, raiseonerr=True) +client.service_ctrl("stop", "firewalld") +time.sleep(60) +client.service_ctrl("star
[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 From 94cedfe143b7665bcb36f158abc75724aa270149 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Thu, 28 Jan 2021 19:12:02 +0530 Subject: [PATCH] fetch autofs maps after coming online SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. --- .../multihost/alltests/test_automount.py | 79 +++ 1 file changed, 79 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 33ed6b1563..ff0b0e5ed3 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -342,3 +342,82 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1 +def test_009_fetch_maps_coming_online_from_offline(self, multihost, + add_nisobject): +""" +:title: fetch autofs map after coming online from offline +:id: b9da6e0e-3d8b-4465-b435-338708d0d51e +:bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=1113639 +:setup: + 1. edit sssd.conf and specify autofs_provider + 2. Install and configure firewall +:steps: + 1. firewall block 389 and 636 + 2. stop sssd, autofs. + 3. remove sssd cache + 4. Start sssd + 5. remove firewall rule + 6. start autofs +:expectedresults: + 1. port 389 and 636 should not allow any traffic + 2. sssd and autofs services should stop + 3. sssd cache should be deleted successfully + 4. sssd should come online within 60 seconds + 5. port 389 and 636 should allow traffic through them + 6. autofs should start successfully +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +for service in ['sssd', 'autofs']: +srv = 'systemctl stop %s' % service +try: +multihost.client[0].run_command(srv) +except subprocess.CalledProcessError: +pytest.fail("Unable to stop %s service" % service) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +client.clear_sssd_cache() +cmd = 'dnf install -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +cmd = 'systemctl start firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_add0, raiseonerr=True) +multihost.client[0].run_command(fw_add1, raiseonerr=True) +multihost.client[0].run_command(fw_add2, raiseonerr=True) +fw_rld = 'firewall-cmd --reload' +multihost.client[0].run_command(fw_rld, raiseonerr=True) +cmd = 'systemctl start sssd' +multihost.client[0].run_command(cmd, raiseonerr=True) +time.sleep(10) +cmd = 'sssctl domain-status %s' % domain_name +multihost.client[0].run_command(cmd, raiseonerr=True) +find = re.compile(r'Online status: Offline') +result = find.search(cmd.stdout_text) +assert result is not None +fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_r0, raiseonerr=True) +multihost.client[0].run_comma
[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 From 501ee173580516013de66e776d2450abb05a7d7a Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Thu, 28 Jan 2021 19:12:02 +0530 Subject: [PATCH] fetch autofs maps after coming online SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. --- .../multihost/alltests/test_automount.py | 79 +++ 1 file changed, 79 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 33ed6b1563..17b6fb9676 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -342,3 +342,82 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1 +def test_009_fetch_maps_coming_online_from_offline(self, multihost, + add_nisobject): +""" +:title: fetch autofs map after coming online from offline +:id: b9da6e0e-3d8b-4465-b435-338708d0d51e +:bugzilla: +https://bugzilla.redhat.com/show_bug.cgi?id=1113639 +:setup: +1. edit sssd.conf and specify autofs_provider +2. Install and configure firewall +:steps: +1. firewall block 389 and 636 +2. stop sssd, autofs. +3. remove sssd cache +4. Start sssd +5. remove firewall rule +6. start autofs +:expectedresults: +1. port 389 and 636 should not allow any traffic +2. sssd and autofs services should stop +3. sssd cache should be deleted successfully +4. sssd should come online within 60 seconds +5. port 389 and 636 should allow traffic through them +6. autofs should start successfully +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +for service in ['sssd', 'autofs']: +srv = 'systemctl stop %s' % service +try: +multihost.client[0].run_command(srv) +except subprocess.CalledProcessError: +pytest.fail("Unable to stop %s service" % service) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +client.clear_sssd_cache() +cmd = 'dnf install -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +cmd = 'systemctl start firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_add0, raiseonerr=True) +multihost.client[0].run_command(fw_add1, raiseonerr=True) +multihost.client[0].run_command(fw_add2, raiseonerr=True) +fw_rld = 'firewall-cmd --reload' +multihost.client[0].run_command(fw_rld, raiseonerr=True) +cmd = 'systemctl start sssd' +multihost.client[0].run_command(cmd, raiseonerr=True) +time.sleep(10) +cmd = 'sssctl domain-status %s' % domain_name +multihost.client[0].run_command(cmd, raiseonerr=True) +find = re.compile(r'Online status: Offline') +result = find.search(cmd.stdout_text) +assert result is not None +fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_r0, raiseonerr=True) +multihost.client[0].run_command(fw_r1, raiseonerr=True)
[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 From f8c75da5f9953f6a8c5e58a4046eb568a65cf702 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Thu, 28 Jan 2021 19:12:02 +0530 Subject: [PATCH] fetch autofs maps after coming online SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. --- .../multihost/alltests/test_automount.py | 84 +++ 1 file changed, 84 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 33ed6b1563..5cb3c72280 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -342,3 +342,87 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1 +def test_009_fetch_maps_coming_online_from_offline(self, multihost, + add_nisobject): +""" +:title: fetch autofs map after coming online from offline + +:id: b9da6e0e-3d8b-4465-b435-338708d0d51e + +:bugzilla: +https://bugzilla.redhat.com/show_bug.cgi?id=1113639 + +:setup: +1. edit sssd.conf and specify autofs_provider +2. Install and configure firewall + +:steps: +1. firewall block 389 and 636 +2. stop sssd, autofs. +3. remove sssd cache +4. Start sssd +5. remove firewall rule +6. start autofs + +:expectedresults: +1. port 389 and 636 should not allow any traffic +2. sssd and autofs services should stop +3. sssd cache should be deleted successfully +4. sssd should come online within 60 seconds +5. port 389 and 636 should allow traffic through them +6. autofs should start successfully +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +for service in ['sssd', 'autofs']: +srv = 'systemctl stop %s' % service +try: +multihost.client[0].run_command(srv) +except subprocess.CalledProcessError: +pytest.fail("Unable to stop %s service" % service) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +client.clear_sssd_cache() +cmd = 'dnf install -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +cmd = 'systemctl start firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_add0, raiseonerr=True) +multihost.client[0].run_command(fw_add1, raiseonerr=True) +multihost.client[0].run_command(fw_add2, raiseonerr=True) +fw_rld = 'firewall-cmd --reload' +multihost.client[0].run_command(fw_rld, raiseonerr=True) +cmd = 'systemctl start sssd' +multihost.client[0].run_command(cmd, raiseonerr=True) +time.sleep(10) +cmd = 'sssctl domain-status %s' % domain_name +multihost.client[0].run_command(cmd, raiseonerr=True) +find = re.compile(r'Online status: Offline') +result = find.search(cmd.stdout_text) +assert result is not None +fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_r0, raiseonerr=True) +multihost.client[0].run_command(fw_r1, raiseoner
[SSSD] [sssd PR#5478][synchronized] Tests: alltests: fetch autofs maps after coming online
URL: https://github.com/SSSD/sssd/pull/5478 Author: shridhargadekar Title: #5478: Tests: alltests: fetch autofs maps after coming online Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5478/head:pr5478 git checkout pr5478 From 3c053ec1da72224c85db8ea71df0ea8fabdd0b13 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Thu, 28 Jan 2021 19:12:02 +0530 Subject: [PATCH] fetch autofs maps after coming online SSSD is started in offline mode with no existing cache. While coming online, SSSD should fetch autofs maps from server without restarting D service. --- .../multihost/alltests/test_automount.py | 84 +++ 1 file changed, 84 insertions(+) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 33ed6b1563..d794f8cd7d 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -342,3 +342,87 @@ def test_008_wildcardsearch(self, multihost, indirect_nismaps, # delete the pcap file del_pcap = 'rm -f %s' % auto_pcapfile multihost.client[0].run_command(del_pcap) + +@pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) +@pytest.mark.tier1 +def test_009_fetch_maps_coming_online_from_offline(self, multihost, + add_nisobject): +""" +@title: fetch autofs map after coming online from offline + +@id: b9da6e0e-3d8b-4465-b435-338708d0d51e + +@bugzilla: +https://bugzilla.redhat.com/show_bug.cgi?id=1113639 + +@setup: +1. edit sssd.conf and specify autofs_provider +2. Install and configure firewall + +@steps: +1. firewall block 389 and 636 +2. stop sssd, autofs. +3. remove sssd cache +4. Start sssd +5. remove firewall rule +6. start autofs + +@expectedresults: +1. port 389 and 636 should not allow any traffic +2. sssd and autofs services should stop +3. sssd cache should be deleted successfully +4. sssd should come online within 60 seconds +5. port 389 and 636 should allow traffic through them +6. autofs should start successfully +""" +multihost.master[0].run_command(['touch', '/export/nfs-test']) +for service in ['sssd', 'autofs']: +srv = 'systemctl stop %s' % service +try: +multihost.client[0].run_command(srv) +except subprocess.CalledProcessError: +pytest.fail("Unable to stop %s service" % service) +client = sssdTools(multihost.client[0]) +domain_name = client.get_domain_section_name() +client.clear_sssd_cache() +cmd = 'dnf install -y firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +cmd = 'systemctl start firewalld' +multihost.client[0].run_command(cmd, raiseonerr=True) +fw_add0 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_add1 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_add2 = 'firewall-cmd --permanent --direct --add-rule ipv4 '\ + 'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_add0, raiseonerr=True) +multihost.client[0].run_command(fw_add1, raiseonerr=True) +multihost.client[0].run_command(fw_add2, raiseonerr=True) +fw_rld = 'firewall-cmd --reload' +multihost.client[0].run_command(fw_rld, raiseonerr=True) +cmd = 'systemctl start sssd' +multihost.client[0].run_command(cmd, raiseonerr=True) +time.sleep(10) +cmd = 'sssctl domain-status %s' % domain_name +multihost.client[0].run_command(cmd, raiseonerr=True) +find = re.compile(r'Online status: Offline') +result = find.search(cmd.stdout_text) +assert result is not None +fw_r0 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP' +fw_r1 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 1 -p tcp -m tcp --dport=636 -j DROP' +fw_r2 = 'firewall-cmd --permanent --direct --remove-rule ipv4 '\ +'filter OUTPUT 2 -j ACCEPT' +multihost.client[0].run_command(fw_r0, raiseonerr=True) +multihost.client[0].run_command(fw_r1, raiseoner