Hi everyone,
Here is a patch set fixing some things in integration tests and adding more
LDAP tests:
* Adding/removing a user/group/membership with rfc2307(bis) schema.
* Filtering users/groups with rfc2307(bis) schema.
* The effect of override_homedir option.
* The effect of fallback_homedir option.
* The effect of override_shell option.
* The effect of shell_fallback option.
* The effect of default_shell option.
* The effect of vetoed_shells option.
These are pretty basic, but I think they're good for the start.
Suggestions for more tests are welcome :)
NOTE: These still break test_memory_cache.py as seen in the attached log file.
We need to figure out why and do something with it. Otherwise, the
tests work fine.
Nick
>From d09a103901a6f86873f9510152c600a062e255ed Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <nikolai.kondras...@redhat.com>
Date: Tue, 29 Sep 2015 20:00:14 +0300
Subject: [PATCH 1/7] intg: Get base DN from LDAP connection object
Don't use the global LDAP_BASE_DN in integration tests and fixtures, but
instead take it from the LDAP connection object (ldap_conn) passed to
them explicitly. This makes the tests and fixtures a bit more modular.
---
src/tests/intg/ldap_test.py | 8 ++++----
src/tests/intg/test_memory_cache.py | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index ea114dc..0287a28 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -105,7 +105,7 @@ def create_sssd_fixture(request):
@pytest.fixture
def sanity_rfc2307(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
@@ -150,7 +150,7 @@ def sanity_rfc2307(request, ldap_conn):
@pytest.fixture
def simple_rfc2307(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user('usr\\\\001', 181818, 181818)
ent_list.add_group("group1", 181818)
@@ -181,7 +181,7 @@ def simple_rfc2307(request, ldap_conn):
@pytest.fixture
def sanity_rfc2307_bis(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
@@ -309,7 +309,7 @@ def test_sanity_rfc2307_bis(ldap_conn, sanity_rfc2307_bis):
@pytest.fixture
def refresh_after_cleanup_task(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_group_bis("group1", 2001, ["user1"])
diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py
index 1f4ccb0..76d85fd 100644
--- a/src/tests/intg/test_memory_cache.py
+++ b/src/tests/intg/test_memory_cache.py
@@ -109,7 +109,7 @@ def create_sssd_fixture(request):
def load_data_to_ldap(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
--
2.5.1
>From 8eb90565998f43fdc6b9ea3564527620c862f7fb Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <nikolai.kondras...@redhat.com>
Date: Tue, 29 Sep 2015 20:13:04 +0300
Subject: [PATCH 2/7] intg: Remove _rfc2307 from function names
Remove "_rfc2307" from integration test function names for brevity.
---
src/tests/intg/ldap_test.py | 12 +++----
src/tests/intg/test_memory_cache.py | 70 ++++++++++++++++++-------------------
2 files changed, 41 insertions(+), 41 deletions(-)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index 0287a28..e359ab4 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -104,7 +104,7 @@ def create_sssd_fixture(request):
@pytest.fixture
-def sanity_rfc2307(request, ldap_conn):
+def sanity(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
@@ -149,7 +149,7 @@ def sanity_rfc2307(request, ldap_conn):
@pytest.fixture
-def simple_rfc2307(request, ldap_conn):
+def simple(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user('usr\\\\001', 181818, 181818)
ent_list.add_group("group1", 181818)
@@ -180,7 +180,7 @@ def simple_rfc2307(request, ldap_conn):
@pytest.fixture
-def sanity_rfc2307_bis(request, ldap_conn):
+def sanity_bis(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
@@ -238,14 +238,14 @@ def sanity_rfc2307_bis(request, ldap_conn):
return None
-def test_regression_ticket2163(ldap_conn, simple_rfc2307):
+def test_regression_ticket2163(ldap_conn, simple):
ent.assert_passwd_by_name(
'usr\\001',
dict(name='usr\\001', passwd='*', uid=181818, gid=181818,
gecos='181818', shell='/bin/bash'))
-def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
+def test_sanity(ldap_conn, sanity):
passwd_pattern = ent.contains_only(
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'),
dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002', dir='/home/user2', shell='/bin/bash'),
@@ -272,7 +272,7 @@ def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
grp.getgrgid(1)
-def test_sanity_rfc2307_bis(ldap_conn, sanity_rfc2307_bis):
+def test_sanity_bis(ldap_conn, sanity_bis):
passwd_pattern = ent.contains_only(
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'),
dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002', dir='/home/user2', shell='/bin/bash'),
diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py
index 76d85fd..1a98a53 100644
--- a/src/tests/intg/test_memory_cache.py
+++ b/src/tests/intg/test_memory_cache.py
@@ -131,7 +131,7 @@ def load_data_to_ldap(request, ldap_conn):
@pytest.fixture
-def sanity_rfc2307(request, ldap_conn):
+def sanity(request, ldap_conn):
load_data_to_ldap(request, ldap_conn)
conf = unindent("""\
@@ -156,7 +156,7 @@ def sanity_rfc2307(request, ldap_conn):
@pytest.fixture
-def fqname_rfc2307(request, ldap_conn):
+def fqname(request, ldap_conn):
load_data_to_ldap(request, ldap_conn)
conf = unindent("""\
@@ -182,7 +182,7 @@ def fqname_rfc2307(request, ldap_conn):
@pytest.fixture
-def fqname_case_insensitive_rfc2307(request, ldap_conn):
+def fqname_case_insensitive(request, ldap_conn):
load_data_to_ldap(request, ldap_conn)
conf = unindent("""\
@@ -208,7 +208,7 @@ def fqname_case_insensitive_rfc2307(request, ldap_conn):
return None
-def test_getpwnam(ldap_conn, sanity_rfc2307):
+def test_getpwnam(ldap_conn, sanity):
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
@@ -291,13 +291,13 @@ def test_getpwnam(ldap_conn, sanity_rfc2307):
gecos='1023', shell='/bin/bash'))
-def test_getpwnam_with_mc(ldap_conn, sanity_rfc2307):
- test_getpwnam(ldap_conn, sanity_rfc2307)
+def test_getpwnam_with_mc(ldap_conn, sanity):
+ test_getpwnam(ldap_conn, sanity)
stop_sssd()
- test_getpwnam(ldap_conn, sanity_rfc2307)
+ test_getpwnam(ldap_conn, sanity)
-def test_getgrnam_simple(ldap_conn, sanity_rfc2307):
+def test_getgrnam_simple(ldap_conn, sanity):
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
@@ -317,13 +317,13 @@ def test_getgrnam_simple(ldap_conn, sanity_rfc2307):
ent.assert_group_by_gid(2020, dict(name="group2x", gid=2020))
-def test_getgrnam_simple_with_mc(ldap_conn, sanity_rfc2307):
- test_getgrnam_simple(ldap_conn, sanity_rfc2307)
+def test_getgrnam_simple_with_mc(ldap_conn, sanity):
+ test_getgrnam_simple(ldap_conn, sanity)
stop_sssd()
- test_getgrnam_simple(ldap_conn, sanity_rfc2307)
+ test_getgrnam_simple(ldap_conn, sanity)
-def test_getgrnam_membership(ldap_conn, sanity_rfc2307):
+def test_getgrnam_membership(ldap_conn, sanity):
ent.assert_group_by_name(
"group1",
dict(mem=ent.contains_only("user1", "user11", "user21")))
@@ -367,10 +367,10 @@ def test_getgrnam_membership(ldap_conn, sanity_rfc2307):
dict(mem=ent.contains_only("user21", "user22", "user23")))
-def test_getgrnam_membership_with_mc(ldap_conn, sanity_rfc2307):
- test_getgrnam_membership(ldap_conn, sanity_rfc2307)
+def test_getgrnam_membership_with_mc(ldap_conn, sanity):
+ test_getgrnam_membership(ldap_conn, sanity)
stop_sssd()
- test_getgrnam_membership(ldap_conn, sanity_rfc2307)
+ test_getgrnam_membership(ldap_conn, sanity)
def assert_user_gids_equal(user, expected_gids):
@@ -385,7 +385,7 @@ def assert_user_gids_equal(user, expected_gids):
)
-def test_initgroups(ldap_conn, sanity_rfc2307):
+def test_initgroups(ldap_conn, sanity):
assert_user_gids_equal('user1', [2000, 2001])
assert_user_gids_equal('user2', [2000, 2002])
assert_user_gids_equal('user3', [2000, 2003])
@@ -399,13 +399,13 @@ def test_initgroups(ldap_conn, sanity_rfc2307):
assert_user_gids_equal('user23', [2020, 2003])
-def test_initgroups_with_mc(ldap_conn, sanity_rfc2307):
- test_initgroups(ldap_conn, sanity_rfc2307)
+def test_initgroups_with_mc(ldap_conn, sanity):
+ test_initgroups(ldap_conn, sanity)
stop_sssd()
- test_initgroups(ldap_conn, sanity_rfc2307)
+ test_initgroups(ldap_conn, sanity)
-def test_initgroups_fqname_with_mc(ldap_conn, fqname_rfc2307):
+def test_initgroups_fqname_with_mc(ldap_conn, fqname):
assert_user_gids_equal('user1@LDAP', [2000, 2001])
stop_sssd()
assert_user_gids_equal('user1@LDAP', [2000, 2001])
@@ -447,7 +447,7 @@ def assert_stored_last_initgroups(user1_case1, user1_case2, user1_case_last,
def test_initgroups_case_insensitive_with_mc1(ldap_conn,
- fqname_case_insensitive_rfc2307):
+ fqname_case_insensitive):
user1_case1 = 'User1@LDAP'
user1_case2 = 'uSer1@LDAP'
user1_case_last = 'usEr1@LDAP'
@@ -459,7 +459,7 @@ def test_initgroups_case_insensitive_with_mc1(ldap_conn,
def test_initgroups_case_insensitive_with_mc2(ldap_conn,
- fqname_case_insensitive_rfc2307):
+ fqname_case_insensitive):
user1_case1 = 'usEr1@LDAP'
user1_case2 = 'User1@LDAP'
user1_case_last = 'uSer1@LDAP'
@@ -471,7 +471,7 @@ def test_initgroups_case_insensitive_with_mc2(ldap_conn,
def test_initgroups_case_insensitive_with_mc3(ldap_conn,
- fqname_case_insensitive_rfc2307):
+ fqname_case_insensitive):
user1_case1 = 'uSer1@LDAP'
user1_case2 = 'usEr1@LDAP'
user1_case_last = 'User1@LDAP'
@@ -510,7 +510,7 @@ def run_simple_test_with_initgroups():
assert_initgroups_equal("user1", 2001, [2000, 2001])
-def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307):
+def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity):
# the sssd cache was empty and not all user's group were
# resolved with getgr{nm,gid}. Therefore there is a change in
@@ -549,7 +549,7 @@ def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307):
grp.getgrgid(gid)
-def test_initgroups_without_change_in_membership(ldap_conn, sanity_rfc2307):
+def test_initgroups_without_change_in_membership(ldap_conn, sanity):
# the sssd cache was empty and not all user's group were
# resolved with getgr{nm,gid}. Therefore there is a change in
@@ -615,7 +615,7 @@ def assert_missing_mc_records_for_user1():
"User user1, errno:%d" % err
-def test_invalidate_user_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_user_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -628,7 +628,7 @@ def test_invalidate_user_before_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_user_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_user_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -641,7 +641,7 @@ def test_invalidate_user_after_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_users_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_users_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -654,7 +654,7 @@ def test_invalidate_users_before_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_users_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_users_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -667,7 +667,7 @@ def test_invalidate_users_after_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_group_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_group_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -680,7 +680,7 @@ def test_invalidate_group_before_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_group_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_group_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -693,7 +693,7 @@ def test_invalidate_group_after_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_groups_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_groups_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -706,7 +706,7 @@ def test_invalidate_groups_before_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_groups_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_groups_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -719,7 +719,7 @@ def test_invalidate_groups_after_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_everything_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_everything_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -732,7 +732,7 @@ def test_invalidate_everything_before_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_everything_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_everything_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
--
2.5.1
>From 866570e06f449981891cdc39d5c67cb677654d8e Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <nikolai.kondras...@redhat.com>
Date: Mon, 28 Sep 2015 16:12:48 +0300
Subject: [PATCH 3/7] intg: Add support for specifying all user attrs
Support passing all user attributes to ldap_ent.py's user-creation
functions, in integration tests.
---
src/tests/intg/ldap_ent.py | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/src/tests/intg/ldap_ent.py b/src/tests/intg/ldap_ent.py
index 30eed9d..0bac514 100644
--- a/src/tests/intg/ldap_ent.py
+++ b/src/tests/intg/ldap_ent.py
@@ -18,7 +18,7 @@
#
-def user(base_dn, uid, uidNumber, gidNumber):
+def user(base_dn, uid, uidNumber, gidNumber, **kwargs):
"""
Generate an RFC2307(bis) user add-modlist for passing to ldap.add*
"""
@@ -28,13 +28,23 @@ def user(base_dn, uid, uidNumber, gidNumber):
"uid=" + uid + ",ou=Users," + base_dn,
[
('objectClass', ['top', 'inetOrgPerson', 'posixAccount']),
- ('cn', [uidNumber]),
- ('sn', ['User']),
+ ('cn', [kwargs['cn'] \
+ if 'cn' in kwargs else \
+ uidNumber]),
+ ('sn', [kwargs['sn'] \
+ if 'sn' in kwargs else \
+ 'User']),
('uidNumber', [uidNumber]),
('gidNumber', [gidNumber]),
- ('userPassword', ['Password' + uidNumber]),
- ('homeDirectory', ['/home/' + uid]),
- ('loginShell', ['/bin/bash']),
+ ('userPassword', [kwargs['userPassword'] \
+ if 'userPassword' in kwargs else \
+ 'Password' + uidNumber]),
+ ('homeDirectory', [kwargs['homeDirectory'] \
+ if 'homeDirectory' in kwargs else \
+ '/home/' + uid]),
+ ('loginShell', [kwargs['loginShell'] \
+ if 'loginShell' in kwargs else \
+ '/bin/bash']),
]
)
@@ -86,10 +96,10 @@ class List(list):
self.base_dn = base_dn
def add_user(self, uid, uidNumber, gidNumber,
- base_dn=None):
+ base_dn=None, **kwargs):
"""Add an RFC2307(bis) user add-modlist."""
self.append(user(base_dn or self.base_dn,
- uid, uidNumber, gidNumber))
+ uid, uidNumber, gidNumber, **kwargs))
def add_group(self, cn, gidNumber, member_uids=[],
base_dn=None):
--
2.5.1
>From 496f11e16d2949f085f5cc1cf59bfa4fd80090bc Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <nikolai.kondras...@redhat.com>
Date: Tue, 29 Sep 2015 20:28:58 +0300
Subject: [PATCH 4/7] intg: Split LDAP test fixtures for flexibility
Split ldap_test.py fixtures into several functions to allow for partial
fixtures and direct use within tests.
---
src/tests/intg/ldap_test.py | 113 ++++++++++++++++++++++++++++++++------------
1 file changed, 83 insertions(+), 30 deletions(-)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index e359ab4..d68a890 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -59,48 +59,101 @@ def ldap_conn(request, ds_inst):
return ldap_conn
-def create_ldap_fixture(request, ldap_conn, ent_list):
- """Add LDAP entries and add teardown for removing them"""
- for entry in ent_list:
- ldap_conn.add_s(entry[0], entry[1])
- def teardown():
+def create_ldap_entries(ldap_conn, ent_list = None):
+ """Add LDAP entries from ent_list"""
+ if ent_list != None:
+ for entry in ent_list:
+ ldap_conn.add_s(entry[0], entry[1])
+
+
+def cleanup_ldap_entries(ldap_conn, ent_list = None):
+ """Remove LDAP entries added by create_ldap_entries"""
+ if ent_list == None:
+ for ou in ("Users", "Groups", "Netgroups", "Services", "Policies"):
+ for entry in ldap_conn.search_s("ou=" + ou + "," +
+ ldap_conn.ds_inst.base_dn,
+ ldap.SCOPE_ONELEVEL,
+ attrlist=[]):
+ ldap_conn.delete_s(entry[0])
+ else:
for entry in ent_list:
ldap_conn.delete_s(entry[0])
- request.addfinalizer(teardown)
-def create_conf_fixture(request, contents):
- """Generate sssd.conf and add teardown for removing it"""
+def create_ldap_cleanup(request, ldap_conn, ent_list = None):
+ """Add teardown for removing all user/group LDAP entries"""
+ request.addfinalizer(lambda: cleanup_ldap_entries(ldap_conn, ent_list))
+
+
+def create_ldap_fixture(request, ldap_conn, ent_list = None):
+ """Add LDAP entries and add teardown for removing them"""
+ create_ldap_entries(ldap_conn, ent_list)
+ create_ldap_cleanup(request, ldap_conn, ent_list)
+
+
+def create_conf_file(contents):
+ """Create sssd.conf with specified contents"""
conf = open(config.CONF_PATH, "w")
conf.write(contents)
conf.close()
os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
- request.addfinalizer(lambda: os.unlink(config.CONF_PATH))
-def create_sssd_fixture(request):
- """Start sssd and add teardown for stopping it and removing state"""
+def cleanup_conf_file():
+ """Remove sssd.conf, if it exists"""
+ if os.path.lexists(config.CONF_PATH):
+ os.unlink(config.CONF_PATH)
+
+
+def create_conf_cleanup(request):
+ """Add teardown for removing sssd.conf"""
+ request.addfinalizer(cleanup_conf_file)
+
+
+def create_conf_fixture(request, contents):
+ """
+ Create sssd.conf with specified contents and add teardown for removing it
+ """
+ create_conf_file(contents)
+ create_conf_cleanup(request)
+
+
+def create_sssd_process():
+ """Start the SSSD process"""
if subprocess.call(["sssd", "-D", "-f"]) != 0:
raise Exception("sssd start failed")
- def teardown():
- try:
- pid_file = open(config.PIDFILE_PATH, "r")
- pid = int(pid_file.read())
- os.kill(pid, signal.SIGTERM)
- while True:
- try:
- os.kill(pid, signal.SIGCONT)
- except:
- break
- time.sleep(1)
- except:
- pass
- subprocess.call(["sss_cache", "-E"])
- for path in os.listdir(config.DB_PATH):
- os.unlink(config.DB_PATH + "/" + path)
- for path in os.listdir(config.MCACHE_PATH):
- os.unlink(config.MCACHE_PATH + "/" + path)
- request.addfinalizer(teardown)
+
+
+def cleanup_sssd_process():
+ """Stop the SSSD process and remove its state"""
+ try:
+ pid_file = open(config.PIDFILE_PATH, "r")
+ pid = int(pid_file.read())
+ os.kill(pid, signal.SIGTERM)
+ while True:
+ try:
+ os.kill(pid, signal.SIGCONT)
+ except:
+ break
+ time.sleep(1)
+ except:
+ pass
+ subprocess.call(["sss_cache", "-E"])
+ for path in os.listdir(config.DB_PATH):
+ os.unlink(config.DB_PATH + "/" + path)
+ for path in os.listdir(config.MCACHE_PATH):
+ os.unlink(config.MCACHE_PATH + "/" + path)
+
+
+def create_sssd_cleanup(request):
+ """Add teardown for stopping SSSD and removing its state"""
+ request.addfinalizer(cleanup_sssd_process)
+
+
+def create_sssd_fixture(request):
+ """Start SSSD and add teardown for stopping it and removing its state"""
+ create_sssd_process()
+ create_sssd_cleanup(request)
@pytest.fixture
--
2.5.1
>From f7b700da9e12b877cdb0d2eb24a3c0978c730ddb Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <nikolai.kondras...@redhat.com>
Date: Tue, 29 Sep 2015 20:46:06 +0300
Subject: [PATCH 5/7] intg: Reduce sssd.conf duplication in test_ldap.py
Use a function to generate basic sssd.conf in test_ldap.py to reduce
code duplication.
---
src/tests/intg/ldap_test.py | 145 ++++++++++++++------------------------------
1 file changed, 47 insertions(+), 98 deletions(-)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index d68a890..a29f701 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -91,6 +91,42 @@ def create_ldap_fixture(request, ldap_conn, ent_list = None):
create_ldap_cleanup(request, ldap_conn, ent_list)
+def format_basic_conf(ldap_conn, bis, enum):
+ """Format a basic SSSD configuration"""
+ if bis:
+ schema_conf = unindent("""\
+ ldap_schema = rfc2307bis
+ ldap_group_object_class = groupOfNames
+ """)
+ else:
+ schema_conf = unindent("""\
+ ldap_schema = rfc2307
+ """)
+ return unindent("""\
+ [sssd]
+ debug_level = 0xffff
+ domains = LDAP
+ services = nss, pam
+
+ [nss]
+ debug_level = 0xffff
+ memcache_timeout = 0
+
+ [pam]
+ debug_level = 0xffff
+
+ [domain/LDAP]
+ ldap_auth_disable_tls_never_use_in_production = true
+ debug_level = 0xffff
+ enumerate = {enum}
+ {schema_conf}
+ id_provider = ldap
+ auth_provider = ldap
+ ldap_uri = {ldap_conn.ds_inst.ldap_url}
+ ldap_search_base = {ldap_conn.ds_inst.base_dn}
+ """).format(**locals())
+
+
def create_conf_file(contents):
"""Create sssd.conf with specified contents"""
conf = open(config.CONF_PATH, "w")
@@ -172,31 +208,7 @@ def sanity(request, ldap_conn):
ent_list.add_group("two_user_group", 2012, ["user1", "user2"])
create_ldap_fixture(request, ldap_conn, ent_list)
- conf = unindent("""\
- [sssd]
- debug_level = 0xffff
- domains = LDAP
- services = nss, pam
-
- [nss]
- debug_level = 0xffff
- memcache_timeout = 0
-
- [pam]
- debug_level = 0xffff
-
- [domain/LDAP]
- ldap_auth_disable_tls_never_use_in_production = true
- debug_level = 0xffff
- enumerate = true
- ldap_schema = rfc2307
- id_provider = ldap
- auth_provider = ldap
- sudo_provider = ldap
- ldap_uri = {ldap_conn.ds_inst.ldap_url}
- ldap_search_base = {ldap_conn.ds_inst.base_dn}
- """).format(**locals())
- create_conf_fixture(request, conf)
+ create_conf_fixture(request, format_basic_conf(ldap_conn, False, True))
create_sssd_fixture(request)
return None
@@ -206,28 +218,8 @@ def simple(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user('usr\\\\001', 181818, 181818)
ent_list.add_group("group1", 181818)
-
create_ldap_fixture(request, ldap_conn, ent_list)
-
- conf = unindent("""\
- [sssd]
- config_file_version = 2
- domains = LDAP
- services = nss, pam
-
- [nss]
-
- [pam]
-
- [domain/LDAP]
- ldap_auth_disable_tls_never_use_in_production = true
- ldap_schema = rfc2307
- id_provider = ldap
- auth_provider = ldap
- ldap_uri = {ldap_conn.ds_inst.ldap_url}
- ldap_search_base = {ldap_conn.ds_inst.base_dn}
- """).format(**locals())
- create_conf_fixture(request, conf)
+ create_conf_fixture(request, format_basic_conf(ldap_conn, False, False))
create_sssd_fixture(request)
return None
@@ -260,33 +252,7 @@ def sanity_bis(request, ldap_conn):
[], ["one_user_group1", "one_user_group2"])
create_ldap_fixture(request, ldap_conn, ent_list)
-
- conf = unindent("""\
- [sssd]
- debug_level = 0xffff
- domains = LDAP
- services = nss, pam
-
- [nss]
- debug_level = 0xffff
- memcache_timeout = 0
-
- [pam]
- debug_level = 0xffff
-
- [domain/LDAP]
- ldap_auth_disable_tls_never_use_in_production = true
- debug_level = 0xffff
- enumerate = true
- ldap_schema = rfc2307bis
- ldap_group_object_class = groupOfNames
- id_provider = ldap
- auth_provider = ldap
- sudo_provider = ldap
- ldap_uri = {ldap_conn.ds_inst.ldap_url}
- ldap_search_base = {ldap_conn.ds_inst.base_dn}
- """).format(**locals())
- create_conf_fixture(request, conf)
+ create_conf_fixture(request, format_basic_conf(ldap_conn, True, True))
create_sssd_fixture(request)
return None
@@ -370,31 +336,14 @@ def refresh_after_cleanup_task(request, ldap_conn):
create_ldap_fixture(request, ldap_conn, ent_list)
- conf = unindent("""\
- [sssd]
- config_file_version = 2
- domains = LDAP
- services = nss
-
- [nss]
- memcache_timeout = 0
-
- [domain/LDAP]
- ldap_auth_disable_tls_never_use_in_production = true
- debug_level = 0xffff
- ldap_schema = rfc2307bis
- ldap_group_object_class = groupOfNames
- id_provider = ldap
- auth_provider = ldap
- sudo_provider = ldap
- ldap_uri = {ldap_conn.ds_inst.ldap_url}
- ldap_search_base = {ldap_conn.ds_inst.base_dn}
-
- entry_cache_user_timeout = 1
- entry_cache_group_timeout = 5000
- ldap_purge_cache_timeout = 3
-
- """).format(**locals())
+ conf = \
+ format_basic_conf(ldap_conn, True, False) + \
+ unindent("""
+ [domain/LDAP]
+ entry_cache_user_timeout = 1
+ entry_cache_group_timeout = 5000
+ ldap_purge_cache_timeout = 3
+ """).format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
--
2.5.1
>From e1feef5e13125301e0281de102f56b2301c5cc89 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <nikolai.kondras...@redhat.com>
Date: Wed, 30 Sep 2015 14:13:22 +0300
Subject: [PATCH 6/7] intg: Fix RFC2307bis group member creation
Fix creation of mixed user/group "member" attribute for RFC2307bis
group entries in ldap_ent.py.
---
src/tests/intg/ldap_ent.py | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/src/tests/intg/ldap_ent.py b/src/tests/intg/ldap_ent.py
index 0bac514..1407349 100644
--- a/src/tests/intg/ldap_ent.py
+++ b/src/tests/intg/ldap_ent.py
@@ -72,20 +72,13 @@ def group_bis(base_dn, cn, gidNumber, member_uids=[], member_gids=[]):
('objectClass', ['top', 'extensibleObject', 'groupOfNames']),
('gidNumber', [gidNumber])
]
- if len(member_uids) > 0:
- attr_list.append(
- ('member', [
- "uid=" + uid + ",ou=Users," + base_dn for
- uid in member_uids
- ])
- )
- if len(member_gids) > 0:
- attr_list.append(
- ('member', [
- "cn=" + gid + ",ou=Groups," + base_dn for
- gid in member_gids
- ])
- )
+ member_list = []
+ for uid in member_uids:
+ member_list.append("uid=" + uid + ",ou=Users," + base_dn)
+ for gid in member_gids:
+ member_list.append("cn=" + gid + ",ou=Groups," + base_dn)
+ if len(member_list) > 0:
+ attr_list.append(('member', member_list))
return ("cn=" + cn + ",ou=Groups," + base_dn, attr_list)
--
2.5.1
>From 72222b8fbc565de66874cfaa62ea0213ebf0f5a9 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <nikolai.kondras...@redhat.com>
Date: Tue, 29 Sep 2015 21:18:18 +0300
Subject: [PATCH 7/7] intg: Add more LDAP tests
Add a bunch of LDAP tests.
* Adding/removing a user/group/membership with rfc2307(bis) schema.
* Filtering users/groups with rfc2307(bis) schema.
* The effect of override_homedir option.
* The effect of fallback_homedir option.
* The effect of override_shell option.
* The effect of shell_fallback option.
* The effect of default_shell option.
* The effect of vetoed_shells option.
---
src/tests/intg/ldap_test.py | 536 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 536 insertions(+)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index a29f701..b20d648 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -127,6 +127,23 @@ def format_basic_conf(ldap_conn, bis, enum):
""").format(**locals())
+def format_interactive_conf(ldap_conn, bis):
+ """Format an SSSD configuration with all caches refreshing in 4 seconds"""
+ return \
+ format_basic_conf(ldap_conn, bis, True) + \
+ unindent("""
+ [nss]
+ memcache_timeout = 4
+ enum_cache_timeout = 4
+ entry_negative_timeout = 4
+
+ [domain/LDAP]
+ ldap_enumeration_refresh_timeout = 4
+ ldap_purge_cache_timeout = 1
+ entry_cache_timeout = 4
+ """)
+
+
def create_conf_file(contents):
"""Create sssd.conf with specified contents"""
conf = open(config.CONF_PATH, "w")
@@ -368,3 +385,522 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
ent.assert_group_by_name(
"group2",
dict(mem=ent.contains_only("user1")))
+
+
+@pytest.fixture
+def blank(request, ldap_conn):
+ """Create blank RFC2307 directory fixture with interactive SSSD conf"""
+ create_ldap_cleanup(request, ldap_conn)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, False))
+ create_sssd_fixture(request)
+
+
+@pytest.fixture
+def blank_bis(request, ldap_conn):
+ """Create blank RFC2307bis directory fixture with interactive SSSD conf"""
+ create_ldap_cleanup(request, ldap_conn)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, True))
+ create_sssd_fixture(request)
+
+
+@pytest.fixture
+def user_and_group(request, ldap_conn):
+ """
+ Create an RFC2307 directory fixture with interactive SSSD conf,
+ one user and one group
+ """
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user", 1001, 2000)
+ ent_list.add_group("group", 2001)
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, False))
+ create_sssd_fixture(request)
+ return None
+
+
+@pytest.fixture
+def user_and_groups_bis(request, ldap_conn):
+ """
+ Create an RFC2307bis directory fixture with interactive SSSD conf,
+ one user and two groups
+ """
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user", 1001, 2000)
+ ent_list.add_group_bis("group1", 2001)
+ ent_list.add_group_bis("group2", 2002)
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, True))
+ create_sssd_fixture(request)
+ return None
+
+
+def test_add_remove_user(ldap_conn, blank):
+ """Test user addition and removal are reflected by SSSD"""
+ e = ldap_ent.user(ldap_conn.ds_inst.base_dn, "user", 1001, 2000)
+ time.sleep(2)
+ # Add the user
+ ent.assert_passwd(ent.contains_only())
+ ldap_conn.add_s(*e)
+ ent.assert_passwd(ent.contains_only())
+ time.sleep(4)
+ ent.assert_passwd(ent.contains_only(dict(name="user", uid=1001)))
+ # Remove the user
+ ldap_conn.delete_s(e[0])
+ ent.assert_passwd(ent.contains_only(dict(name="user", uid=1001)))
+ time.sleep(4)
+ ent.assert_passwd(ent.contains_only())
+
+
+def test_add_remove_group(ldap_conn, blank):
+ """Test RFC2307 group addition and removal are reflected by SSSD"""
+ e = ldap_ent.group(ldap_conn.ds_inst.base_dn, "group", 2001)
+ time.sleep(2)
+ # Add the group
+ ent.assert_group(ent.contains_only())
+ ldap_conn.add_s(*e)
+ ent.assert_group(ent.contains_only())
+ time.sleep(4)
+ ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
+ # Remove the group
+ ldap_conn.delete_s(e[0])
+ ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
+ time.sleep(4)
+ ent.assert_group(ent.contains_only())
+
+
+def test_add_remove_group_bis(ldap_conn, blank_bis):
+ """Test RFC2307bis group addition and removal are reflected by SSSD"""
+ e = ldap_ent.group_bis(ldap_conn.ds_inst.base_dn, "group", 2001)
+ time.sleep(2)
+ # Add the group
+ ent.assert_group(ent.contains_only())
+ ldap_conn.add_s(*e)
+ ent.assert_group(ent.contains_only())
+ time.sleep(4)
+ ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
+ # Remove the group
+ ldap_conn.delete_s(e[0])
+ ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
+ time.sleep(4)
+ ent.assert_group(ent.contains_only())
+
+
+def test_add_remove_membership(ldap_conn, user_and_group):
+ """Test user membership addition and removal are reflected by SSSD"""
+ time.sleep(2)
+ # Add user to group
+ ent.assert_group_by_name("group", dict(mem = ent.contains_only()))
+ ldap_conn.modify_s("cn=group,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_REPLACE, "memberUid", "user")])
+ ent.assert_group_by_name("group", dict(mem = ent.contains_only()))
+ time.sleep(4)
+ ent.assert_group_by_name("group", dict(mem = ent.contains_only("user")))
+ # Remove user from group
+ ldap_conn.modify_s("cn=group,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_DELETE, "memberUid", None)])
+ ent.assert_group_by_name("group", dict(mem = ent.contains_only("user")))
+ time.sleep(4)
+ ent.assert_group_by_name("group", dict(mem = ent.contains_only()))
+
+
+def test_add_remove_membership_bis(ldap_conn, user_and_groups_bis):
+ """
+ Test user and group membership addition and removal are reflected by SSSD,
+ with RFC2307bis schema
+ """
+ time.sleep(2)
+ # Add user to group1
+ ent.assert_group_by_name("group1", dict(mem = ent.contains_only()))
+ ldap_conn.modify_s("cn=group1,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_REPLACE, "member",
+ "uid=user,ou=Users," + ldap_conn.ds_inst.base_dn)])
+ ent.assert_group_by_name("group1", dict(mem = ent.contains_only()))
+ time.sleep(4)
+ ent.assert_group_by_name("group1", dict(mem = ent.contains_only("user")))
+
+ # Add group1 to group2
+ ldap_conn.modify_s("cn=group2,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_REPLACE, "member",
+ "cn=group1,ou=Groups," + ldap_conn.ds_inst.base_dn)])
+ ent.assert_group_by_name("group2", dict(mem = ent.contains_only()))
+ time.sleep(4)
+ ent.assert_group_by_name("group2", dict(mem = ent.contains_only("user")))
+
+ # Remove group1 from group2
+ ldap_conn.modify_s("cn=group2,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_DELETE, "member", None)])
+ ent.assert_group_by_name("group2", dict(mem = ent.contains_only("user")))
+ time.sleep(4)
+ ent.assert_group_by_name("group2", dict(mem = ent.contains_only()))
+
+ # Remove user from group1
+ ldap_conn.modify_s("cn=group1,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_DELETE, "member", None)])
+ ent.assert_group_by_name("group1", dict(mem = ent.contains_only("user")))
+ time.sleep(4)
+ ent.assert_group_by_name("group1", dict(mem = ent.contains_only()))
+
+
+@pytest.fixture
+def blank(request, ldap_conn):
+ """Create blank RFC2307 directory fixture with interactive SSSD conf"""
+ create_ldap_cleanup(request, ldap_conn)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, False))
+ create_sssd_fixture(request)
+
+
+@pytest.fixture
+def void_conf(request):
+ create_conf_cleanup(request)
+
+
+@pytest.fixture
+def void_sssd(request):
+ create_sssd_cleanup(request)
+
+
+@pytest.fixture
+def three_users_three_groups(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2001)
+ ent_list.add_user("user2", 1002, 2002)
+ ent_list.add_user("user3", 1003, 2003)
+ ent_list.add_group("group1", 2001, ["user1"])
+ ent_list.add_group("group2", 2002, ["user2"])
+ ent_list.add_group("group3", 2003, ["user3"])
+ create_ldap_fixture(request, ldap_conn, ent_list)
+
+
+def test_filter_users(request, ldap_conn, three_users_three_groups,
+ void_conf, void_sssd):
+ """Test the effect of the "filter_users" option"""
+ all_users = frozenset([1, 2, 3])
+ for filter_users_in_groups in [False, True]:
+ for filter_users in [frozenset([]),
+ frozenset([1]),
+ frozenset([1, 2]),
+ frozenset([1, 2, 3])]:
+ unfiltered_users = all_users - filter_users
+ filter_users_str = ",".join(map(lambda i: "user" + str(i),
+ filter_users))
+
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""
+ [nss]
+ filter_users = {filter_users_str}
+ filter_users_in_groups = {filter_users_in_groups}
+ """).format(**locals())
+ create_conf_file(conf)
+ create_sssd_process()
+ ent.assert_passwd(
+ ent.contains_only(
+ *map(
+ lambda i: \
+ dict(name = "user" + str(i), uid = 1000 + i),
+ unfiltered_users
+ )
+ )
+ )
+ ent.assert_group(
+ ent.contains_only(
+ *map(
+ lambda i: \
+ dict(
+ name = "group" + str(i),
+ gid = 2000 + i,
+ mem = ent.contains_only() \
+ if filter_users_in_groups and \
+ i in filter_users else \
+ ent.contains_only("user" + str(i))
+ ),
+ all_users
+ )
+ )
+ )
+ cleanup_sssd_process()
+ cleanup_conf_file()
+
+
+def test_filter_groups(request, ldap_conn, three_users_three_groups,
+ void_conf, void_sssd):
+ """Test the effect of the "filter_groups" option with RFC2307 groups"""
+ all_groups = frozenset([1, 2, 3])
+ for filter_groups in [frozenset([]),
+ frozenset([1]),
+ frozenset([1, 2]),
+ frozenset([1, 2, 3])]:
+ unfiltered_groups = all_groups - filter_groups
+ filter_groups_str = ",".join(map(lambda i: "group" + str(i),
+ filter_groups))
+
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""
+ [nss]
+ filter_groups = {filter_groups_str}
+ """).format(**locals())
+ create_conf_file(conf)
+ create_sssd_process()
+ ent.assert_group(
+ ent.contains_only(
+ *map(
+ lambda i: \
+ dict(
+ name = "group" + str(i),
+ gid = 2000 + i,
+ mem = ent.contains_only("user" + str(i))
+ ),
+ unfiltered_groups
+ )
+ )
+ )
+ cleanup_sssd_process()
+ cleanup_conf_file()
+
+
+@pytest.fixture
+def three_users_three_groups_bis(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2001)
+ ent_list.add_user("user2", 1002, 2002)
+ ent_list.add_user("user3", 1003, 2003)
+ ent_list.add_group_bis("group1", 2001, ["user1"])
+ ent_list.add_group_bis("group2", 2002, ["user2"], ["group1"])
+ ent_list.add_group_bis("group3", 2003, ["user3"], ["group2"])
+ create_ldap_fixture(request, ldap_conn, ent_list)
+
+
+def test_filter_groups_bis(request, ldap_conn, three_users_three_groups_bis,
+ void_conf, void_sssd):
+ """Test the effect of the "filter_groups" option with RFC2307bis groups"""
+ all_groups = frozenset([1, 2, 3])
+ for filter_groups in [frozenset([]),
+ frozenset([1]),
+ frozenset([1, 2]),
+ frozenset([1, 2, 3])]:
+ unfiltered_groups = all_groups - filter_groups
+ filter_groups_str = ",".join(map(lambda i: "group" + str(i),
+ filter_groups))
+
+ conf = \
+ format_basic_conf(ldap_conn, True, True) + \
+ unindent("""
+ [nss]
+ filter_groups = {filter_groups_str}
+ """).format(**locals())
+ create_conf_file(conf)
+ create_sssd_process()
+ ent.assert_group(
+ ent.contains_only(
+ *map(
+ lambda i: \
+ dict(
+ name = "group" + str(i),
+ gid = 2000 + i,
+ mem = ent.contains_only(
+ *map(lambda j: "user" + str(j),
+ range(1, i + 1)))
+ ),
+ unfiltered_groups
+ )
+ )
+ )
+ cleanup_sssd_process()
+ cleanup_conf_file()
+
+
+@pytest.fixture
+def override_homedir(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_homedir_A", 1001, 2001,
+ homeDirectory = "/home/A")
+ ent_list.add_user("user_with_homedir_B", 1002, 2002,
+ homeDirectory = "/home/B")
+ ent_list.add_user("user_with_empty_homedir", 1003, 2003,
+ homeDirectory = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ override_homedir = /home/B
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_override_homedir(override_homedir):
+ """Test the effect of the "override_homedir" option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_homedir_A", uid=1001, dir="/home/B"),
+ dict(name="user_with_homedir_B", uid=1002, dir="/home/B"),
+ dict(name="user_with_empty_homedir", uid=1003, dir="/home/B")
+ )
+ )
+
+
+@pytest.fixture
+def fallback_homedir(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_homedir_A", 1001, 2001,
+ homeDirectory = "/home/A")
+ ent_list.add_user("user_with_homedir_B", 1002, 2002,
+ homeDirectory = "/home/B")
+ ent_list.add_user("user_with_empty_homedir", 1003, 2003,
+ homeDirectory = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ fallback_homedir = /home/B
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_fallback_homedir(fallback_homedir):
+ """Test the effect of the "fallback_homedir" option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_homedir_A", uid=1001, dir="/home/A"),
+ dict(name="user_with_homedir_B", uid=1002, dir="/home/B"),
+ dict(name="user_with_empty_homedir", uid=1003, dir="/home/B")
+ )
+ )
+
+
+@pytest.fixture
+def override_shell(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_shell_A", 1001, 2001,
+ loginShell = "/bin/A")
+ ent_list.add_user("user_with_shell_B", 1002, 2002,
+ loginShell = "/bin/B")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ override_shell = /bin/B
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_override_shell(override_shell):
+ """Test the effect of the "override_shell" option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_shell_A", uid=1001, shell="/bin/B"),
+ dict(name="user_with_shell_B", uid=1002, shell="/bin/B"),
+ dict(name="user_with_empty_shell", uid=1003, shell="/bin/B")
+ )
+ )
+
+
+@pytest.fixture
+def shell_fallback(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_sh_shell", 1001, 2001,
+ loginShell = "/bin/sh")
+ ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
+ loginShell = "/bin/not_installed")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ shell_fallback = /bin/fallback
+ allowed_shells = /bin/not_installed
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_shell_fallback(shell_fallback):
+ """Test the effect of the "shell_fallback" option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
+ dict(name="user_with_not_installed_shell", uid=1002,
+ shell="/bin/fallback"),
+ dict(name="user_with_empty_shell", uid=1003, shell="")
+ )
+ )
+
+
+@pytest.fixture
+def default_shell(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_sh_shell", 1001, 2001,
+ loginShell = "/bin/sh")
+ ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
+ loginShell = "/bin/not_installed")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ default_shell = /bin/default
+ allowed_shells = /bin/default, /bin/not_installed
+ shell_fallback = /bin/fallback
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_default_shell(default_shell):
+ """Test the effect of the "default_shell" option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
+ dict(name="user_with_not_installed_shell", uid=1002,
+ shell="/bin/fallback"),
+ dict(name="user_with_empty_shell", uid=1003,
+ shell="/bin/default")
+ )
+ )
+
+
+@pytest.fixture
+def vetoed_shells(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_sh_shell", 1001, 2001,
+ loginShell = "/bin/sh")
+ ent_list.add_user("user_with_vetoed_shell", 1002, 2002,
+ loginShell = "/bin/vetoed")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ default_shell = /bin/default
+ vetoed_shells = /bin/vetoed
+ shell_fallback = /bin/fallback
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_vetoed_shells(vetoed_shells):
+ """Test the effect of the "vetoed_shells" option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
+ dict(name="user_with_vetoed_shell", uid=1002,
+ shell="/bin/fallback"),
+ dict(name="user_with_empty_shell", uid=1003,
+ shell="/bin/default")
+ )
+ )
--
2.5.1
____________________________________________________________________________________________________________________________________________________
test_getpwnam_with_mc
____________________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 297, in test_getpwnam_with_mc
test_getpwnam(ldap_conn, sanity_rfc2307)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 215, in test_getpwnam
gecos='1001', shell='/bin/bash'))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 218, in assert_passwd_by_name
assert False, err
AssertionError: 'getpwnam(): name not found: user1'
________________________________________________________________________________________________________________________________________________
test_getgrnam_simple_with_mc
_________________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 323, in test_getgrnam_simple_with_mc
test_getgrnam_simple(ldap_conn, sanity_rfc2307)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 301, in test_getgrnam_simple
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 378, in assert_group_by_name
assert False, err
AssertionError: 'getgrnam(): name not found: group1'
______________________________________________________________________________________________________________________________________________
test_getgrnam_membership_with_mc
_______________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 373, in test_getgrnam_membership_with_mc
test_getgrnam_membership(ldap_conn, sanity_rfc2307)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 329, in test_getgrnam_membership
dict(mem=ent.contains_only("user1", "user11", "user21")))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 378, in assert_group_by_name
assert False, err
AssertionError: 'getgrnam(): name not found: group1'
___________________________________________________________________________________________________________________________________________________
test_initgroups_with_mc
___________________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 405, in test_initgroups_with_mc
test_initgroups(ldap_conn, sanity_rfc2307)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 389, in test_initgroups
assert_user_gids_equal('user1', [2000, 2001])
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 377, in assert_user_gids_equal
(res, errno, gids) = sssd_id.get_user_gids(user)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/sssd_id.py", line
91, in get_user_gids
pwd_user = pwd.getpwnam(user)
KeyError: 'getpwnam(): name not found: user1'
_______________________________________________________________________________________________________________________________________________
test_initgroups_fqname_with_mc
________________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 411, in test_initgroups_fqname_with_mc
assert_user_gids_equal('user1@LDAP', [2000, 2001])
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 377, in assert_user_gids_equal
(res, errno, gids) = sssd_id.get_user_gids(user)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/sssd_id.py", line
91, in get_user_gids
pwd_user = pwd.getpwnam(user)
KeyError: 'getpwnam(): name not found: user1@LDAP'
_________________________________________________________________________________________________________________________________________
test_invalidation_of_gids_after_initgroups
__________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 526, in test_invalidation_of_gids_after_initgroups
gecos='1001', shell='/bin/bash'))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 218, in assert_passwd_by_name
assert False, err
AssertionError: 'getpwnam(): name not found: user1'
________________________________________________________________________________________________________________________________________
test_initgroups_without_change_in_membership
_________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 570, in test_initgroups_without_change_in_membership
run_simple_test_with_initgroups()
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 489, in run_simple_test_with_initgroups
gecos='1001', shell='/bin/bash'))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 218, in assert_passwd_by_name
assert False, err
AssertionError: 'getpwnam(): name not found: user1'
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
