URL: https://github.com/SSSD/sssd/pull/5434
Author: sidecontrol
 Title: #5434: Adding multihost tests for ad_allow_remote_domain_local_groups, 
bz1883488 bz1756240
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5434/head:pr5434
git checkout pr5434
From 4d82afa3a4b85df283688222c8cdce381f64063e Mon Sep 17 00:00:00 2001
From: Dan Lavu <dl...@redhat.com>
Date: Wed, 18 Nov 2020 21:05:57 -0500
Subject: [PATCH 1/2] Adding tests to cover ad discovery improvements using
 cldap

* This test requires a primary and secondary domain controller so AD can be moved between sites
* Currently contains four test cases
** Two DCs in one site no restrictions.
** Two DCs in one site, traffic blocked to the other DC
** DCs in separate sites no restrictions
** DCs in separate sites, traffic blocked to the other DC

Signed-off-by: Dan Lavu <dl...@redhat.com>

SSSD-2497
---
 src/tests/multihost/adsites/conftest.py     | 304 ++++++++++++++++++++
 src/tests/multihost/adsites/pytest.ini      |   3 +
 src/tests/multihost/adsites/readme.rst      | 134 +++++++++
 src/tests/multihost/adsites/test_adsites.py | 213 ++++++++++++++
 4 files changed, 654 insertions(+)
 create mode 100644 src/tests/multihost/adsites/conftest.py
 create mode 100644 src/tests/multihost/adsites/pytest.ini
 create mode 100644 src/tests/multihost/adsites/readme.rst
 create mode 100644 src/tests/multihost/adsites/test_adsites.py

diff --git a/src/tests/multihost/adsites/conftest.py b/src/tests/multihost/adsites/conftest.py
new file mode 100644
index 0000000000..a491f5b8c1
--- /dev/null
+++ b/src/tests/multihost/adsites/conftest.py
@@ -0,0 +1,304 @@
+
+""" Common AD Fixtures """
+from __future__ import print_function
+import subprocess
+import time
+import pytest
+import os
+import posixpath
+from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF
+from sssd.testlib.common.qe_class import session_multihost
+from sssd.testlib.common.exceptions import SSSDException
+from sssd.testlib.common.samba import sambaTools
+from sssd.testlib.common.utils import ADOperations
+from sssd.testlib.common.utils import sssdTools
+
+
+def pytest_configure():
+    """ Namespace hook, Adds below dict to pytest namespace """
+    pytest.num_masters = 0
+    pytest.num_ad = 2
+    pytest.num_atomic = 0
+    pytest.num_replicas = 0
+    pytest.num_clients = 1
+    pytest.num_others = 0
+
+# ######## Function scoped Fixtures ####################
+
+
+@pytest.fixture(scope="function")
+def smbconfig(session_multihost, request):
+    """ Configure smb.conf """
+    sambaclient = sambaTools(session_multihost.client[0],
+                             session_multihost.ad[0])
+    sambaclient.smbadsconf()
+
+    def restore():
+        """ Restore smb.conf """
+        restoresmb = 'cp -f /etc/samba/smb.conf.orig /etc/samba/smb.conf'
+        session_multihost.client[0].run_command(restoresmb, raiseonerr=False)
+        removebkup = 'rm -f /etc/samba/smb.conf.orig'
+        session_multihost.client[0].run_command(removebkup, raiseonerr=False)
+    request.addfinalizer(restore)
+
+
+@pytest.fixture(scope='function')
+def run_powershell_script(session_multihost, request):
+    """ Run Powershell script """
+    cwd = os.path.dirname(os.path.abspath(__file__))
+    split_cwd = cwd.split('/')
+    idx = split_cwd.index('pytest')
+    path_list = split_cwd[:idx + 1]
+    sssd_qe_path = '/'.join(path_list)
+    data_path = "%s/data" % sssd_qe_path
+
+    def _script(name):
+        """ Run powershell script """
+        filename = name
+        remote_file_path = posixpath.join('/home/administrator', filename)
+        source_file_path = posixpath.join(data_path, filename)
+        session_multihost.ad[0].transport.put_file(source_file_path,
+                                                   remote_file_path)
+        pwrshell_cmd = 'powershell.exe -inputformat '\
+                       'none -noprofile ./%s' % filename
+        cmd = session_multihost.ad[0].run_command(pwrshell_cmd,
+                                                  raiseonerr=False)
+        return cmd
+    return _script
+
+
+@pytest.fixture(scope="function")
+def adjoin(session_multihost, request):
+    """ Join to AD using net ads command """
+    ad_realm = session_multihost.ad[0].realm
+    ad_ip = session_multihost.ad[0].ip
+    client_ad = sssdTools(session_multihost.client[0], session_multihost.ad[0])
+
+    client_ad.disjoin_ad()  # Make sure system is disjoined from AD
+    client_ad.create_kdcinfo(ad_realm, ad_ip)
+    kinit = "kinit Administrator"
+    ad_password = session_multihost.ad[0].ssh_password
+    try:
+        session_multihost.client[0].run_command(kinit, stdin_text=ad_password)
+    except subprocess.CalledProcessError:
+        pytest.fail("kinit failed")
+
+    def _join(membersw=None):
+        """ Join AD """
+        if membersw == 'samba':
+            client_ad.join_ad(ad_realm, ad_password, mem_sw='samba')
+        else:
+            client_ad.join_ad(ad_realm, ad_password)
+
+    def adleave():
+        """ Disjoin AD """
+        client_ad.disjoin_ad()
+        remove_keytab = 'rm -f /etc/krb5.keytab'
+        kdestroy_cmd = 'kdestroy -A'
+        session_multihost.client[0].run_command(kdestroy_cmd)
+        session_multihost.client[0].run_command(remove_keytab)
+    request.addfinalizer(adleave)
+    return _join
+
+
+@pytest.fixture(scope="function")
+def get_rid(session_multihost, create_aduser_group):
+    """
+    Find Relative ID from object SID
+    :param obj session_multihost: multihost object
+    :Return: RID value
+    """
+    (user, _) = create_aduser_group
+    client = sssdTools(session_multihost.client[0], session_multihost.ad[0])
+    client.clear_sssd_cache()
+    ad_user = '{}@{}'.format(user, session_multihost.ad[0].domainname)
+    getent = 'getent passwd %s' % ad_user
+    cmd = session_multihost.client[0].run_command(getent, raiseonerr=False)
+    if cmd.returncode == 0:
+        rid = client.find_rid(ad_user)
+        return (ad_user, rid)
+    else:
+        pytest.fail("%s User lookup failed" % ad_user)
+
+
+@pytest.fixture(scope="function")
+def keytab_sssd_conf(session_multihost, request, adjoin):
+    """ Add parameters required for keytab rotation in sssd.conf """
+    adjoin(membersw='samba')
+    client = sssdTools(session_multihost.client[0], session_multihost.ad[0])
+    client.backup_sssd_conf()
+    sssd_params = {'ad_maximum_machine_account_password_age': '1',
+                   'ad_machine_account_password_renewal_opts': '300:15',
+                   'debug_level': '9'}
+    domain_name = client.get_domain_section_name()
+    domain_section = 'domain/{}'.format(domain_name)
+    client.sssd_conf(domain_section, sssd_params,)
+
+    def restore_sssd_conf():
+        """ Restore original sssd.conf """
+        client.restore_sssd_conf()
+    request.addfinalizer(restore_sssd_conf)
+
+
+@pytest.fixture(scope="function")
+def cifsmount(session_multihost, request):
+    """ Mount cifs share and create files with
+    different permissions
+    """
+    ad_user = 'idmfoouser1'
+    ad_group = 'idmfoogroup1'
+    kinit = 'kinit %s' % ad_user
+    server = session_multihost.master[0].sys_hostname.strip().split('.')[0]
+    share_path = '/mnt/samba/share1'
+    session_multihost.client[0].run_command(kinit, stdin_text='Secret123')
+    mountcifs = "mount -t cifs -o cifsacl "\
+                "-o sec=krb5 -o username=%s //%s/share1"\
+                " /mnt/samba/share1" % (ad_user, server)
+    cmd = session_multihost.client[0].run_command(mountcifs, raiseonerr=False)
+    time.sleep(5)
+    if cmd.returncode != 0:
+        journalctl = 'journalctl -x -n 50 --no-pager'
+        session_multihost.client[0].run_command(journalctl)
+
+    def cifsunmount():
+        """ Umount the cifs shares """
+        umount = "umount /mnt/samba/share1"
+        cmd = session_multihost.client[0].run_command(umount, raiseonerr=False)
+        assert cmd.returncode == 0
+        kdestroy = 'kdestroy -A'
+        session_multihost.client[0].run_command(kdestroy, raiseonerr=False)
+    request.addfinalizer(cifsunmount)
+
+
+@pytest.fixture(scope='function')
+def backupsssdconf(session_multihost, request):
+    """ Backup and restore sssd.conf """
+    bkup = 'cp -f %s %s.orig' % (SSSD_DEFAULT_CONF,
+                                 SSSD_DEFAULT_CONF)
+    session_multihost.client[0].run_command(bkup)
+    session_multihost.client[0].service_sssd('stop')
+
+    def restoresssdconf():
+        """ Restore sssd.conf """
+        restore = 'cp -f %s.orig %s' % (SSSD_DEFAULT_CONF, SSSD_DEFAULT_CONF)
+        session_multihost.client[0].run_command(restore)
+    request.addfinalizer(restoresssdconf)
+
+
+@pytest.fixture(scope='function')
+def create_site(session_multihost, request):
+    ad2_hostname = session_multihost.ad[1].hostname
+    ad2_shostname = ad2_hostname.strip().split('.')[0]
+    site = "Raleigh"
+
+    cmd_create_site = "powershell.exe -inputformat none -noprofile " \
+                      "'(New-ADReplicationSite -Name \"%s\" " \
+                      "-Confirm:$false)'" % site
+    cmd_move_ad2 = "powershell.exe -inputformat none -noprofile " \
+                   "'(Move-ADDirectoryServer -Identity \"%s\" -Site \"%s\" " \
+                   "-Confirm:$false)'" % (ad2_shostname, site)
+
+    session_multihost.ad[0].run_command(cmd_create_site)
+    session_multihost.ad[0].run_command(cmd_move_ad2)
+
+    def teardown_site():
+        cmd_move_ad2back = "powershell.exe -inputformat none -noprofile " \
+                           "'(Move-ADDirectoryServer -Identity \"%s\" " \
+                           "-Site \"Default-First-Site-Name\" " \
+                           "-Confirm:$false)'" % ad2_shostname
+        cmd_remove_site2 = "powershell.exe -inputformat none -noprofile " \
+                           "'(Remove-ADReplicationSite \"%s\" " \
+                           "-Confirm:$false)'" % site
+        session_multihost.ad[0].run_command(cmd_move_ad2back)
+        session_multihost.ad[0].run_command(cmd_remove_site2)
+
+    request.addfinalizer(teardown_site)
+
+
+# ############## class scoped Fixtures ##############################
+
+
+@pytest.fixture(scope="class")
+def multihost(session_multihost, request):
+    """ Multihost fixture to be used by tests
+    :param obj session_multihost: multihost object
+    :return obj session_multihost: return multihost object
+    :Exceptions: None
+    """
+    if hasattr(request.cls(), 'class_setup'):
+        request.cls().class_setup(session_multihost)
+        request.addfinalizer(
+            lambda: request.cls().class_teardown(session_multihost))
+    return session_multihost
+
+
+@pytest.fixture(scope="class")
+def clear_sssd_cache(session_multihost):
+    """ Clear sssd cache """
+    client = sssdTools(session_multihost.client[0])
+    client.clear_sssd_cache()
+
+@pytest.fixture(scope="class")
+def joinad(session_multihost, request):
+    """ class fixture to join AD using realm """
+    client = sssdTools(session_multihost.client[0], session_multihost.ad[0])
+    client.disjoin_ad()  # Make sure system is disjoined from AD
+    kinit = "kinit Administrator"
+    ad_password = session_multihost.ad[0].ssh_password
+    realm_output = client.join_ad()
+    try:
+        session_multihost.client[0].service_sssd('restart')
+    except SSSDException:
+        cmd = 'cat /etc/sssd/sssd.conf'
+        session_multihost.client[0].run_command(cmd)
+        journal = 'journalctl -x -n 150 --no-pager'
+        session_multihost.client[0].run_command(journal)
+    retry = 0
+    while (retry != 5):
+        cmd = session_multihost.client[0].run_command(kinit,
+                                                      stdin_text=ad_password,
+                                                      raiseonerr=False)
+        if cmd.returncode == 0:
+            break
+        else:
+            retry += 1
+            time.sleep(5)
+
+    def disjoin():
+        """ Disjoin system from Windows AD """
+        client.disjoin_ad()
+        stop_sssd = 'systemctl stop sssd'
+        remove_keytab = 'rm -f /etc/krb5.keytab'
+        kdestroy_cmd = 'kdestroy -A'
+        session_multihost.client[0].run_command(stop_sssd)
+        session_multihost.client[0].run_command(remove_keytab)
+        session_multihost.client[0].run_command(kdestroy_cmd)
+    request.addfinalizer(disjoin)
+
+# ################### Session scoped fixtures #########################
+
+
+@pytest.fixture(scope="session", autouse=True)
+def setup_session(request, session_multihost):
+    """ Setup Session """
+    client = sssdTools(session_multihost.client[0])
+    realm = session_multihost.ad[0].realm
+    ad_host = session_multihost.ad[0].sys_hostname
+    try:
+        master = sssdTools(session_multihost.master[0])
+    except IndexError:
+        pass
+    else:
+        master.server_install_pkgs()
+        master.update_resolv_conf(session_multihost.ad[0].ip)
+    client.client_install_pkgs()
+    client.update_resolv_conf(session_multihost.ad[0].ip)
+    client.clear_sssd_cache()
+    client.systemsssdauth(realm, ad_host)
+
+    def teardown_session():
+        """ Teardown session """
+        session_multihost.client[0].service_sssd('stop')
+        remove_sssd_conf = 'rm -f /etc/sssd/sssd.conf'
+        session_multihost.client[0].run_command(remove_sssd_conf)
+    request.addfinalizer(teardown_session)
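Review bot: In `create_site`, `request.addfinalizer(teardown_site)` is registered only after both `run_command` calls, so if `Move-ADDirectoryServer` fails the `Raleigh` site is left behind in the shared AD and the next `New-ADReplicationSite` will collide with it. This assumes `run_command` raises by default, as the `except subprocess.CalledProcessError` in `adjoin` suggests. Define `teardown_site` and call `request.addfinalizer(teardown_site)` before the first `session_multihost.ad[0].run_command(...)`, and pass `raiseonerr=False` to the two teardown commands so one failure does not skip the other. Separately, `cifsmount` indexes `session_multihost.master[0]` although `pytest_configure` sets `pytest.num_masters = 0`, and it embeds the literal password `'Secret123'`; if this suite does not use the fixture it is better dropped than copied, otherwise the credential should come from the multihost configuration. `create_site` is also the only fixture without a docstring; `""" Create site Raleigh and move the second DC into it """` would match the others.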
diff --git a/src/tests/multihost/adsites/pytest.ini b/src/tests/multihost/adsites/pytest.ini
new file mode 100644
index 0000000000..4b0d37efe9
--- /dev/null
+++ b/src/tests/multihost/adsites/pytest.ini
@@ -0,0 +1,3 @@
+[pytest]
+markers =
+   adsites: tests the require two domain controllers
diff --git a/src/tests/multihost/adsites/readme.rst b/src/tests/multihost/adsites/readme.rst
new file mode 100644
index 0000000000..3bdcb6a9aa
--- /dev/null
+++ b/src/tests/multihost/adsites/readme.rst
@@ -0,0 +1,134 @@
+AD Provider Test Suite
+======================
+
+This directory contains test automation for SSSD AD Provider. 
+
+
+Fixtures
+========
+
+
+session
+*******
+
+* setup_session: This fixtures does the following tasks:
+  
+  
+  * Install common required packages like 
+  * Updated /etc/resolv.conf with Windows IP Address
+  * Clear sssd cache 
+  * Configure system to use sssd authentication
+
+
+* teardown_session: This is not a fixtures but a teardown of ``setup_session`` 
+
+  * Restores resolv.conf
+  * Stop sssd service
+  * remove sssd.conf 
+
+
+class
+*****
+
+* multihost: This fixture returns multihost object. Also using builtin request
+  fixture we pass ``class_setup`` and ``class_teardown``.  If the test suite defines
+  class_setup and class_teardown functions, multihost object will be available
+  to execute any remote functions. 
+
+* clear_sssd_cache: Stops sssd service. Removes cache files from
+  ``/var/lib/sss/db`` and starts sssd service. Sleeps for 10 seconds.
+
+* enable_autofs_schema: Backup sssd.conf and Edit sssd.conf and specify
+  ``autofs_provider = ad`` and ``debug_level = 9`` 
+
+* enable_ad_sudoschema: Enable AD Sudo Schema 
+
+* create_ad_sudousers: Create users in Windows Active Directory with username
+  from ``sudo_idmuser1`` to ``sudo_idmuser10``.
+
+* sudorules: Create AD sudo rules ``less_user_rule1`` to ``less_user_rule10``::
+
+  
+   # less_user_rule1, Sudoers, juno.test
+   dn: CN=less_user_rule1,OU=Sudoers,DC=juno,DC=test
+   objectClass: top
+   objectClass: sudoRole
+   cn: less_user_rule1  
+   distinguishedName: CN=less_user_rule1,OU=Sudoers,DC=juno,DC=test
+   instanceType: 4
+   whenCreated: 20190416073735.0Z
+   whenChanged: 20190416073736.0Z
+   uSNCreated: 1283544
+   uSNChanged: 1283547
+   name: less_user_rule1
+   objectGUID:: wYiyH7dlT0G/5y40LPgHpw==
+   objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=juno,DC=test
+   dSCorePropagationData: 16010101000000.0Z
+   sudoHost: ALL
+   sudoUser: sudo_idmuserN
+   sudoUser: sudo_idmus...@juno.test
+   sudoOption: !authenticate
+   sudoOption: !requiretty
+   sudoCommand: /usr/bin/less
+  
+* joinad: Join the system to Windows AD using realm with membercli-software
+  being adcli. 
+
+
+
+function
+********
+
+* smbconfig: Configure smb.conf ::
+    
+    [global]
+    workgroup = <DOMAIN>
+    security = ads
+    realm = <DOMAIN.COM>
+    netbios name = <samba-client-shortname>
+    kerberos method = secrets and keytab
+    client signing = yes
+    client use spnego = yes
+    log file = /var/log/samba/log.%m
+    max log size = 50
+    log level = 9
+
+
+* create_adgrp: fixture to create AD Groups . Runs ``adgroup.ps1`` powershell
+  script. powershell script::
+
+    #Following Powershell script will add the group in AD server
+    #and set GroupScope as Global and GroupCtegory as Security and
+    #also set MemberOf BuiltIn group as Administrator
+
+    Import-Module ActiveDirectory
+
+    $grname = -join ((65..90) + (97..122) | Get-Random -Count 7 | % {[char]$_})
+
+    Write-Host $grname
+
+    New-ADGroup -Name $grname -GroupScope Global -GroupCategory Security
+
+    Add-ADPrincipalGroupMembership -MemberOf Administrators -Identity $grname
+
+ 
+
+* create_aduser_group: Creates AD user ``testuser<randomnumber>`` and AD Groups
+  ``testgroup<randomnumber>``
+
+* add_nisobject: 
+
+  * uses Indirect parameterization and takes map name as the parameter from
+    test case. (example: ``/export``, ``/project1``)
+  * Installs nfs-utils package on nfs server and starts  nfs-server. 
+  * Add map based on request parameter. 
+
+
+* set_autofs_search_base: Enable autofs search base in sssd.conf 
+
+* add_user_in_domain_local_group: Add domain local AD group
+  ``ltestgoup<randomnumber>`` 
+
+* add_principals: Add ``HTTP`` and ``NFS`` service principals in Windows AD
+
+
diff --git a/src/tests/multihost/adsites/test_adsites.py b/src/tests/multihost/adsites/test_adsites.py
new file mode 100644
index 0000000000..a277465755
--- /dev/null
+++ b/src/tests/multihost/adsites/test_adsites.py
@@ -0,0 +1,213 @@
+from __future__ import print_function
+import time
+import pytest
+from sssd.testlib.common.utils import sssdTools
+
+
+@pytest.mark.adsites
+class Testadsites(object):
+    """
+    @Title: IDM-SSSD-TC: ad_provider: adsites:
+    Improve AD site discovery process
+    Test cases for BZ: 1819012
+
+    @Steps:
+    1. Join client to AD
+    2. Start SSSD and enable debug
+    3. Create secondary site, move second domain controller to second site 
+    """
+    @pytest.mark.adsites
+    def test_001_ad_startup_discovery(self, multihost, adjoin):
+        """
+        @Title: IDM-SSSD-TC: ad_startup_discovery
+        * grep sssd domain logs for cldap ping
+        * grep sssd logs for cldap ping parallel batch
+        * grep sssd logs for cldap ping domain discovery
+        """
+        adjoin(membersw='adcli')
+        client = sssdTools(multihost.client[0], multihost.ad[0])
+        domain = client.get_domain_section_name()
+        domain_section = 'domain/{}'.format(domain)
+        sssd_params = {'debug_level': '0xFFF0'}
+        client.sssd_conf(domain_section, sssd_params)
+
+        ad1 = multihost.ad[0].hostname
+        ad2 = multihost.ad[1].hostname
+        multihost.client[0].service_sssd('start')
+
+        cmd_id = 'id Administrator@%s' % domain
+        multihost.client[0].run_command(cmd_id)
+
+        cmd_check_ping = 'grep -ire ad_cldap_ping_send /var/log/sssd/sssd_%s.log | ' \
+                         'grep -ire \"Found 2 domain controllers in domain ' \
+                         'Default-First-Site-Name._sites.%s\"' % (domain, domain)
+        check_ping = multihost.client[0].run_command(cmd_check_ping, raiseonerr=False)
+        assert check_ping.returncode == 0
+        cmd_check_batch1 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
+                           'grep -ire \" %s\"' % (domain, ad1)
+        check_batch1 = multihost.client[0].run_command(cmd_check_batch1, raiseonerr=False)
+        cmd_check_batch2 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
+                           'grep -ire \" %s\"' % (domain, ad2)
+        check_batch2 = multihost.client[0].run_command(cmd_check_batch2, raiseonerr=False)
+        if check_batch1.returncode == 0 or check_batch2.returncode == 0:
+            assert True
+        else:
+            assert False
+        cmd_check_discovery = 'grep -ire ad_cldap_ping_domain_discovery_done /var/log/sssd/sssd_%s.log | ' \
+                              'grep -ire \"Found 2 domain controllers in domain ' \
+                              'Default-First-Site-Name._sites.%s\"' % (domain, domain)
+        check_discovery = multihost.client[0].run_command(cmd_check_discovery, raiseonerr=False)
+        assert check_discovery.returncode == 0
+
+    @pytest.mark.adsites
+    def test_002_ad_startup_discovery_one_server_unreachable(self, multihost, adjoin):
+        """
+        @Title: IDM-SSSD-TC: ad_startup_discovery_one_server_unreachable
+        * grep sssd domain logs for cldap ping
+        * grep sssd logs for cldap ping parallel batch
+        * grep sssd logs for cldap ping domain discovery
+        """
+        adjoin(membersw='adcli')
+        client = sssdTools(multihost.client[0], multihost.ad[0])
+        domain = client.get_domain_section_name()
+        domain_section = 'domain/{}'.format(domain)
+        sssd_params = {'debug_level': '0xFFF0'}
+        client.sssd_conf(domain_section, sssd_params)
+
+        ad1 = multihost.ad[0].hostname
+        ad2 = multihost.ad[1].hostname
+        ad2ip = multihost.ad[1].ip
+
+        cmd_dnf_firewalld = 'dnf install -y firewalld'
+        multihost.client[0].run_command(cmd_dnf_firewalld)
+        cmd_start_firewalld = 'systemctl start firewalld'
+        multihost.client[0].run_command(cmd_start_firewalld)
+        fw_add = 'firewall-cmd --permanent --direct --add-rule ipv4 ' \
+                 'filter OUTPUT 0 -d %s -j DROP' % ad2ip
+        fw_reload = 'firewall-cmd --reload'
+        multihost.client[0].run_command(fw_add, raiseonerr=True)
+        multihost.client[0].run_command(fw_reload, raiseonerr=True)
+        multihost.client[0].service_sssd('start')
+
+        cmd_check_ping = 'grep -ire ad_cldap_ping_send /var/log/sssd/sssd_%s.log | ' \
+                         'grep -ire \"Found 2 domain controllers in domain ' \
+                         'Default-First-Site-Name._sites.%s\"' % (domain, domain)
+        check_ping = multihost.client[0].run_command(cmd_check_ping, raiseonerr=False)
+        assert check_ping.returncode == 0
+        cmd_check_batch1 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
+                           'grep -ire \" %s\"' % (domain, ad1)
+        check_batch1 = multihost.client[0].run_command(cmd_check_batch1, raiseonerr=False)
+        cmd_check_batch2 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
+                           'grep -ire \" %s\"' % (domain, ad2)
+        check_batch2 = multihost.client[0].run_command(cmd_check_batch2, raiseonerr=False)
+        if check_batch1.returncode == 1 and check_batch2.returncode == 0:
+            assert True
+        else:
+            assert False
+        cmd_check_discovery = 'grep -ire ad_cldap_ping_domain_discovery_done /var/log/sssd/sssd_%s.log | ' \
+                              'grep -ire \"Found 2 domain controllers in domain ' \
+                              'Default-First-Site-Name._sites.%s\"' % (domain, domain)
+        check_discovery = multihost.client[0].run_command(cmd_check_discovery, raiseonerr=False)
+        assert check_discovery.returncode == 0
+
+        fw_stop = 'systemctl stop firewalld'
+        multihost.client[0].run_command(fw_stop, raiseonerr=True)
+        fw_remove = 'dnf remove -y firewalld'
+        multihost.client[0].run_command(fw_remove, raiseonerr=True)
+
+    @pytest.mark.adsites
+    def test_003_ad_startup_discovery_two_different_sites(self, multihost, adjoin, create_site):
+        """
+         @Title: IDM-SSSD-TC: ad_startup_discovery_two_different_sites
+        * grep sssd domain logs for cldap ping
+        * grep sssd logs for cldap ping parallel batch
+        * grep sssd logs for cldap ping domain discovery
+        """
+        adjoin(membersw='adcli')
+        client = sssdTools(multihost.client[0], multihost.ad[0])
+        domain = client.get_domain_section_name()
+        domain_section = 'domain/{}'.format(domain)
+        sssd_params = {'debug_level': '0xFFF0'}
+        client.sssd_conf(domain_section, sssd_params)
+
+        ad1 = multihost.ad[0].hostname
+        ad2 = multihost.ad[1].hostname
+        multihost.client[0].service_sssd('start')
+
+        cmd_check_ping = 'grep -ire ad_cldap_ping_send /var/log/sssd/sssd_%s.log | ' \
+                         'grep -ire \"Found 2 domain controllers in domain ' \
+                         'Default-First-Site-Name._sites.%s\"' % (domain, domain)
+        check_ping = multihost.client[0].run_command(cmd_check_ping, raiseonerr=False)
+        assert check_ping.returncode == 0
+        cmd_check_batch1 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
+                           'grep -ire \" %s\"' % (domain, ad1)
+        check_batch1 = multihost.client[0].run_command(cmd_check_batch1, raiseonerr=False)
+        cmd_check_batch2 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
+                           'grep -ire \" %s\"' % (domain, ad2)
+        check_batch2 = multihost.client[0].run_command(cmd_check_batch2, raiseonerr=False)
+        if check_batch1.returncode == 0 or check_batch2.returncode == 0:
+            assert True
+        else:
+            assert False
+        cmd_check_discovery = 'grep -ire ad_cldap_ping_domain_discovery_done /var/log/sssd/sssd_%s.log | ' \
+                              'grep -ire \"Found 2 domain controllers in domain ' \
+                              'Default-First-Site-Name._sites.%s\"' % (domain, domain)
+        check_discovery = multihost.client[0].run_command(cmd_check_discovery, raiseonerr=False)
+        assert check_discovery.returncode == 0
+
+    @pytest.mark.adsites
+    def test_004_ad_startup_discovery_two_different_sites_one_server_unreachable(self, multihost, adjoin, create_site):
+        """
+        @Title: IDM-SSSD-TC: ad_startup_discovery_two_different_sites_one_server_unreachable
+        * grep sssd domain logs for cldap ping
+        * grep sssd logs for cldap ping parallel batch
+        * grep sssd logs for cldap ping domain discovery
+        """
+        adjoin(membersw='adcli')
+        client = sssdTools(multihost.client[0], multihost.ad[0])
+        domain = client.get_domain_section_name()
+        domain_section = 'domain/{}'.format(domain)
+        sssd_params = {'debug_level': '0xFFF0'}
+        client.sssd_conf(domain_section, sssd_params)
+
+        ad1 = multihost.ad[0].hostname
+        ad2 = multihost.ad[1].hostname
+        ad2ip = multihost.ad[1].ip
+
+        cmd_dnf_firewalld = 'dnf install -y firewalld'
+        multihost.client[0].run_command(cmd_dnf_firewalld)
+        cmd_start_firewalld = 'systemctl start firewalld'
+        multihost.client[0].run_command(cmd_start_firewalld)
+        fw_add = 'firewall-cmd --permanent --direct --add-rule ipv4 ' \
+                 'filter OUTPUT 0 -d %s -j DROP' % ad2ip
+        fw_reload = 'firewall-cmd --reload'
+        multihost.client[0].run_command(fw_add, raiseonerr=True)
+        multihost.client[0].run_command(fw_reload, raiseonerr=True)
+
+        multihost.client[0].service_sssd('start')
+
+        cmd_check_ping = 'grep -ire ad_cldap_ping_send /var/log/sssd/sssd_%s.log | ' \
+                         'grep -ire \"Found 2 domain controllers in domain ' \
+                         'Default-First-Site-Name._sites.%s\"' % (domain, domain)
+        check_ping = multihost.client[0].run_command(cmd_check_ping, raiseonerr=False)
+        assert check_ping.returncode == 0
+        cmd_check_batch1 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
+                           'grep -ire \" %s\"' % (domain, ad1)
+        check_batch1 = multihost.client[0].run_command(cmd_check_batch1, raiseonerr=False)
+        cmd_check_batch2 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
+                           'grep -ire \" %s\"' % (domain, ad2)
+        check_batch2 = multihost.client[0].run_command(cmd_check_batch2, raiseonerr=False)
+        if check_batch1.returncode == 1 and check_batch2.returncode == 0:
+            assert True
+        else:
+            assert False
+        cmd_check_discovery = 'grep -ire ad_cldap_ping_domain_discovery_done /var/log/sssd/sssd_%s.log | ' \
+                              'grep -ire \"Found 2 domain controllers in domain ' \
+                              'Default-First-Site-Name._sites.%s\"' % (domain, domain)
+        check_discovery = multihost.client[0].run_command(cmd_check_discovery, raiseonerr=False)
+        assert check_discovery.returncode == 0
+
+        fw_stop = 'systemctl stop firewalld'
+        multihost.client[0].run_command(fw_stop, raiseonerr=True)
+        fw_remove = 'dnf remove -y firewalld'
+        multihost.client[0].run_command(fw_remove, raiseonerr=True)
\ No newline at end of file
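Review bot: In `test_002_ad_startup_discovery_one_server_unreachable` and `test_004_..._one_server_unreachable` the firewalld cleanup runs at the end of the test body, after the assertions, so any failed assert leaves the `--permanent` DROP rule towards the second DC active on the client for every later test. `dnf remove -y firewalld` also never removes the rule itself, so it may survive in firewalld's configuration and be re-applied when the package is reinstalled. Moving the block into a fixture whose finalizer removes the rule explicitly fixes both, as sketched below. All four tests also grep the same `/var/log/sssd/sssd_<domain>.log` and nothing visible here truncates it, so lines written during `test_001` can satisfy the checks in later tests. The `if ...: assert True / else: assert False` blocks read better as one statement, e.g. `assert check_batch1.returncode == 0 or check_batch2.returncode == 0`.

```python
@pytest.fixture(scope='function')
def block_ad2(multihost, request):
    """ Drop client traffic to the second DC and always undo it """
    client = multihost.client[0]
    rule = 'ipv4 filter OUTPUT 0 -d %s -j DROP' % multihost.ad[1].ip

    def unblock():
        """ Remove the DROP rule even when the test body failed """
        client.run_command('firewall-cmd --permanent --direct '
                           '--remove-rule %s' % rule, raiseonerr=False)
        client.run_command('firewall-cmd --reload', raiseonerr=False)
        client.run_command('systemctl stop firewalld', raiseonerr=False)
    request.addfinalizer(unblock)
    # … unchanged: dnf install firewalld, systemctl start firewalld …
    client.run_command('firewall-cmd --permanent --direct '
                       '--add-rule %s' % rule, raiseonerr=True)
    client.run_command('firewall-cmd --reload', raiseonerr=True)
```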

From 525d3c4f3be9a0afd4888149f501b59a28aa9bf7 Mon Sep 17 00:00:00 2001
From: Dan Lavu <dl...@redhat.com>
Date: Sun, 29 Nov 2020 17:47:02 -0500
Subject: [PATCH 2/2] Adding multihost tests for
 ad_allow_remote_domain_local_groups, bz1883488 bz1756240

This is the first multihost test that requires more than one AD server; it requires
a root, child and tree domain, and users created from the playbooks in CI.

Signed-off-by: Dan Lavu <dl...@redhat.com>
---
 .../{adsites => admultidomain}/conftest.py    |  39 +---
 src/tests/multihost/admultidomain/pytest.ini  |   5 +
 .../{adsites => admultidomain}/readme.rst     |  42 ++--
 .../admultidomain/test_admultidomain.py       | 186 +++++++++++++++
 src/tests/multihost/adsites/pytest.ini        |   3 -
 src/tests/multihost/adsites/test_adsites.py   | 213 ------------------
 .../multihost/sssd/testlib/common/qe_class.py |   8 +-
 7 files changed, 223 insertions(+), 273 deletions(-)
 rename src/tests/multihost/{adsites => admultidomain}/conftest.py (85%)
 create mode 100644 src/tests/multihost/admultidomain/pytest.ini
 rename src/tests/multihost/{adsites => admultidomain}/readme.rst (87%)
 create mode 100644 src/tests/multihost/admultidomain/test_admultidomain.py
 delete mode 100644 src/tests/multihost/adsites/pytest.ini
 delete mode 100644 src/tests/multihost/adsites/test_adsites.py

diff --git a/src/tests/multihost/adsites/conftest.py b/src/tests/multihost/admultidomain/conftest.py
similarity index 85%
rename from src/tests/multihost/adsites/conftest.py
rename to src/tests/multihost/admultidomain/conftest.py
index a491f5b8c1..731ade58e3 100644
--- a/src/tests/multihost/adsites/conftest.py
+++ b/src/tests/multihost/admultidomain/conftest.py
@@ -6,18 +6,16 @@
 import pytest
 import os
 import posixpath
-from sssd.testlib.common.paths import SSSD_DEFAULT_CONF, NSSWITCH_DEFAULT_CONF
-from sssd.testlib.common.qe_class import session_multihost
+from sssd.testlib.common.paths import SSSD_DEFAULT_CONF
 from sssd.testlib.common.exceptions import SSSDException
 from sssd.testlib.common.samba import sambaTools
-from sssd.testlib.common.utils import ADOperations
 from sssd.testlib.common.utils import sssdTools
 
 
 def pytest_configure():
     """ Namespace hook, Adds below dict to pytest namespace """
     pytest.num_masters = 0
-    pytest.num_ad = 2
+    pytest.num_ad = 3
     pytest.num_atomic = 0
     pytest.num_replicas = 0
     pytest.num_clients = 1
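Review bot: Dropping `from sssd.testlib.common.qe_class import session_multihost` removes the only visible place where this conftest makes the `session_multihost` fixture known to pytest, yet every fixture further down the file still requests it. Unless `qe_class` is loaded as a plugin or a parent conftest provides the fixture, collection will fail with a fixture-not-found error; the `qe_class.py` change listed in the diffstat is not visible in this hunk, so this cannot be confirmed from here. If the import was removed only to silence an unused-import warning, keep it and mark it instead: `from sssd.testlib.common.qe_class import session_multihost  # noqa: F401`.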
@@ -185,36 +183,6 @@ def restoresssdconf():
     request.addfinalizer(restoresssdconf)
 
 
-@pytest.fixture(scope='function')
-def create_site(session_multihost, request):
-    ad2_hostname = session_multihost.ad[1].hostname
-    ad2_shostname = ad2_hostname.strip().split('.')[0]
-    site = "Raleigh"
-
-    cmd_create_site = "powershell.exe -inputformat none -noprofile " \
-                      "'(New-ADReplicationSite -Name \"%s\" " \
-                      "-Confirm:$false)'" % site
-    cmd_move_ad2 = "powershell.exe -inputformat none -noprofile " \
-                   "'(Move-ADDirectoryServer -Identity \"%s\" -Site \"%s\" " \
-                   "-Confirm:$false)'" % (ad2_shostname, site)
-
-    session_multihost.ad[0].run_command(cmd_create_site)
-    session_multihost.ad[0].run_command(cmd_move_ad2)
-
-    def teardown_site():
-        cmd_move_ad2back = "powershell.exe -inputformat none -noprofile " \
-                           "'(Move-ADDirectoryServer -Identity \"%s\" " \
-                           "-Site \"Default-First-Site-Name\" " \
-                           "-Confirm:$false)'" % ad2_shostname
-        cmd_remove_site2 = "powershell.exe -inputformat none -noprofile " \
-                           "'(Remove-ADReplicationSite \"%s\" " \
-                           "-Confirm:$false)'" % site
-        session_multihost.ad[0].run_command(cmd_move_ad2back)
-        session_multihost.ad[0].run_command(cmd_remove_site2)
-
-    request.addfinalizer(teardown_site)
-
-
 # ############## class scoped Fixtures ##############################
 
 
@@ -238,6 +206,7 @@ def clear_sssd_cache(session_multihost):
     client = sssdTools(session_multihost.client[0])
     client.clear_sssd_cache()
 
+
 @pytest.fixture(scope="class")
 def joinad(session_multihost, request):
     """ class fixture to join AD using realm """
@@ -279,7 +248,7 @@ def disjoin():
 
 
 @pytest.fixture(scope="session", autouse=True)
-def setup_session(request, session_multihost):
+def setup_session(session_multihost, request):
     """ Setup Session """
     client = sssdTools(session_multihost.client[0])
     realm = session_multihost.ad[0].realm
diff --git a/src/tests/multihost/admultidomain/pytest.ini b/src/tests/multihost/admultidomain/pytest.ini
new file mode 100644
index 0000000000..31926ae3ca
--- /dev/null
+++ b/src/tests/multihost/admultidomain/pytest.ini
@@ -0,0 +1,5 @@
+[pytest]
+markers =
+   admultidomain: tests the require three domain controllers in three different domains, parent (root), child and tree domains
+   tier1: All tier1 test cases
+
diff --git a/src/tests/multihost/adsites/readme.rst b/src/tests/multihost/admultidomain/readme.rst
similarity index 87%
rename from src/tests/multihost/adsites/readme.rst
rename to src/tests/multihost/admultidomain/readme.rst
index 3bdcb6a9aa..94c84687ab 100644
--- a/src/tests/multihost/adsites/readme.rst
+++ b/src/tests/multihost/admultidomain/readme.rst
@@ -1,7 +1,7 @@
 AD Provider Test Suite
 ======================
 
-This directory contains test automation for SSSD AD Provider. 
+This directory contains test automation for SSSD Multidomain AD Provider.
 
 
 Fixtures
@@ -12,19 +12,19 @@ session
 *******
 
 * setup_session: This fixtures does the following tasks:
-  
-  
-  * Install common required packages like 
+
+
+  * Install common required packages like
   * Updated /etc/resolv.conf with Windows IP Address
-  * Clear sssd cache 
+  * Clear sssd cache
   * Configure system to use sssd authentication
 
 
-* teardown_session: This is not a fixtures but a teardown of ``setup_session`` 
+* teardown_session: This is not a fixtures but a teardown of ``setup_session``
 
   * Restores resolv.conf
   * Stop sssd service
-  * remove sssd.conf 
+  * remove sssd.conf
 
 
 class
@@ -33,27 +33,27 @@ class
 * multihost: This fixture returns multihost object. Also using builtin request
   fixture we pass ``class_setup`` and ``class_teardown``.  If the test suite defines
   class_setup and class_teardown functions, multihost object will be available
-  to execute any remote functions. 
+  to execute any remote functions.
 
 * clear_sssd_cache: Stops sssd service. Removes cache files from
   ``/var/lib/sss/db`` and starts sssd service. Sleeps for 10 seconds.
 
 * enable_autofs_schema: Backup sssd.conf and Edit sssd.conf and specify
-  ``autofs_provider = ad`` and ``debug_level = 9`` 
+  ``autofs_provider = ad`` and ``debug_level = 9``
 
-* enable_ad_sudoschema: Enable AD Sudo Schema 
+* enable_ad_sudoschema: Enable AD Sudo Schema
 
 * create_ad_sudousers: Create users in Windows Active Directory with username
   from ``sudo_idmuser1`` to ``sudo_idmuser10``.
 
 * sudorules: Create AD sudo rules ``less_user_rule1`` to ``less_user_rule10``::
 
-  
+
    # less_user_rule1, Sudoers, juno.test
    dn: CN=less_user_rule1,OU=Sudoers,DC=juno,DC=test
    objectClass: top
    objectClass: sudoRole
-   cn: less_user_rule1  
+   cn: less_user_rule1
    distinguishedName: CN=less_user_rule1,OU=Sudoers,DC=juno,DC=test
    instanceType: 4
    whenCreated: 20190416073735.0Z
@@ -70,9 +70,9 @@ class
    sudoOption: !authenticate
    sudoOption: !requiretty
    sudoCommand: /usr/bin/less
-  
+
 * joinad: Join the system to Windows AD using realm with membercli-software
-  being adcli. 
+  being adcli.
 
 
 
@@ -80,7 +80,7 @@ function
 ********
 
 * smbconfig: Configure smb.conf ::
-    
+
     [global]
     workgroup = <DOMAIN>
     security = ads
@@ -111,23 +111,23 @@ function
 
     Add-ADPrincipalGroupMembership -MemberOf Administrators -Identity $grname
 
- 
+
 
 * create_aduser_group: Creates AD user ``testuser<randomnumber>`` and AD Groups
   ``testgroup<randomnumber>``
 
-* add_nisobject: 
+* add_nisobject:
 
   * uses Indirect parameterization and takes map name as the parameter from
     test case. (example: ``/export``, ``/project1``)
-  * Installs nfs-utils package on nfs server and starts  nfs-server. 
-  * Add map based on request parameter. 
+  * Installs nfs-utils package on nfs server and starts  nfs-server.
+  * Add map based on request parameter.
 
 
-* set_autofs_search_base: Enable autofs search base in sssd.conf 
+* set_autofs_search_base: Enable autofs search base in sssd.conf
 
 * add_user_in_domain_local_group: Add domain local AD group
-  ``ltestgoup<randomnumber>`` 
+  ``ltestgoup<randomnumber>``
 
 * add_principals: Add ``HTTP`` and ``NFS`` service principals in Windows AD
 
diff --git a/src/tests/multihost/admultidomain/test_admultidomain.py b/src/tests/multihost/admultidomain/test_admultidomain.py
new file mode 100644
index 0000000000..aca2f1b9a3
--- /dev/null
+++ b/src/tests/multihost/admultidomain/test_admultidomain.py
@@ -0,0 +1,186 @@
+from __future__ import print_function
+import pytest
+import re
+from sssd.testlib.common.utils import sssdTools
+from sssd.testlib.common.utils import SSHClient
+
+
+@pytest.mark.admultidomain
+class Testadmultidomain(object):
+    """
+    @Title: IDM-SSSD-TC: ad_provider: admultidomain filter domain groups
+
+    @Steps:
+    """
+    @pytest.mark.admultidomain
+    def test_001_filter_remote_trusted_local_domain_groups(self, multihost,
+                                                           adjoin):
+        """
+        @Title: IDM-SSSD-TC: RFE for the following parameter,
+        ad_allow_remote_domain_local_groups bz1883488 bz1756240
+
+        By default, local domain groups are filtered, with a default
+        configuration check for the following;
+
+        * domain_gr...@domain.com
+        * child_domain_gr...@child.domain.com
+        * tree_domain_gr...@treedomain.com
+        * domain_gr...@child.domain.com
+        * domain_gr...@treedomain.com
+        * us...@domain.com
+        * child_us...@child.domain.com
+        * tree_us...@treedomain.com
+
+        And ensure that the child and tree domain groups are not found.
+        Enabling the feature, with the extra
+        parameters; ldap_use_tokengroups to false and ad_enable_gc to false.
+        The groups should be found.
+
+        :param multihost:
+        :param adjoin:
+        :return:
+        """
+        adjoin(membersw='adcli')
+        client = sssdTools(multihost.client[0])
+        domain = client.get_domain_section_name()
+        domain_section = 'domain/{}'.format(domain)
+        sssd_params = {'ad_allow_remote_domain_local_groups': 'true',
+                       'ldap_use_tokengroups': 'false',
+                       'ad_enable_gc': 'false'}
+        multihost.client[0].service_sssd('start')
+
+        child_domain = multihost.ad[1].domainname
+        tree_domain = multihost.ad[2].domainname
+
+        cmd_id_user = 'id user1@%s' % domain
+        cmd_get_group = 'getent group domain_group@%s' % domain
+        get_group = multihost.client[0].run_command(cmd_get_group,
+                                                    raiseonerr=False)
+        assert get_group.returncode == 0
+        id_user = multihost.client[0].run_command(cmd_id_user,
+                                                  raiseonerr=False)
+        if id_user.returncode == 0:
+            status = 'PASS'
+            find = re.compile(r'domain_group@%s' % domain)
+            get_group_result = find.search(id_user.stdout_text)
+            if get_group_result is None:
+                status = 'FAIL'
+            assert status != 'FAIL'
+
+        cmd_id_child_user = 'id child_user1@%s' % child_domain
+        cmd_get_child_group = 'getent group child_domain_group@%s'\
+                              % child_domain
+        get_child_group = multihost.client[0].run_command(cmd_get_child_group,
+                                                          raiseonerr=False)
+        assert get_child_group.returncode == 2
+        id_child_user = multihost.client[0].run_command(cmd_id_child_user,
+                                                        raiseonerr=False)
+        if id_child_user.returncode == 0:
+            status = 'PASS'
+            find = re.compile(r'child_domain_group@%s' % child_domain)
+            get_child_group_result = find.search(id_child_user.stdout_text)
+            if get_child_group_result is True:
+                status = 'FAIL'
+            assert status != 'FAIL'
+
+            cmd_id_tree_user = 'id tree_user1@%s' % tree_domain
+            cmd_get_tree_group = 'getent group tree_domain_group@%s' \
+                                 % tree_domain
+            get_tree_group = multihost.client[0].run_command(
+                cmd_get_tree_group, raiseonerr=False)
+            assert get_tree_group.returncode == 2
+            id_tree_user = multihost.client[0].run_command(
+                cmd_id_tree_user, raiseonerr=False)
+            if id_tree_user.returncode == 0:
+                status = 'PASS'
+                find = re.compile(r'tree_domain_group@%s' % tree_domain)
+                get_tree_group_result = find.search(id_tree_user.stdout_text)
+                if get_tree_group_result is True:
+                    status = 'FAIL'
+                assert status != 'FAIL'
+
+        multihost.client[0].service_sssd('stop')
+        client.sssd_conf(domain_section, sssd_params)
+        client.remove_sss_cache('/var/lib/sss/db')
+        client.remove_sss_cache('/var/log/sssd')
+        multihost.client[0].service_sssd('restart')
+
+        cmd_id_user = 'id user1@%s' % domain
+        cmd_get_group = 'getent group domain_group@%s' % domain
+        get_group = multihost.client[0].run_command(cmd_get_group,
+                                                    raiseonerr=False)
+        assert get_group.returncode == 0
+        id_user = multihost.client[0].run_command(cmd_id_user,
+                                                  raiseonerr=False)
+        if id_user.returncode == 0:
+            status = 'PASS'
+            find = re.compile(r'domain_group@%s' % domain)
+            get_group_result = find.search(id_user.stdout_text)
+            if get_group_result is None:
+                status = 'FAIL'
+            assert status != 'FAIL'
+
+        cmd_id_child_user = 'id child_user1@%s' % child_domain
+        cmd_get_child_group = 'getent group child_domain_group@%s'\
+                              % child_domain
+        get_child_group = multihost.client[0].run_command(cmd_get_child_group,
+                                                          raiseonerr=False)
+        assert get_child_group.returncode == 0
+        id_child_user = multihost.client[0].run_command(cmd_id_child_user,
+                                                        raiseonerr=False)
+        if id_child_user.returncode == 0:
+            status = 'PASS'
+            find = re.compile(r'child_domain_group@%s' % child_domain)
+            get_child_group_result = find.search(id_child_user.stdout_text)
+            if get_child_group_result is None:
+                status = 'FAIL'
+            assert status != 'FAIL'
+
+        cmd_id_child_conflict_user = 'id child_user1@%s' % child_domain
+        cmd_get_child_conflict_group = 'getent group domain_group@%s'\
+                                       % child_domain
+        get_child_conflict_group = multihost.client[0].run_command(
+            cmd_get_child_conflict_group, raiseonerr=False)
+        assert get_child_conflict_group.returncode == 0
+        id_child_conflict_user = multihost.client[0].run_command(
+            cmd_id_child_conflict_user, raiseonerr=False)
+        if id_child_conflict_user.returncode == 0:
+            status = 'PASS'
+            find = re.compile(r'domain_group@%s' % child_domain)
+            get_child_conflict_group_result = find.search(
+                id_child_conflict_user.stdout_text)
+            if get_child_conflict_group_result is True:
+                status = 'FAIL'
+                assert status != 'FAIL'
+
+        cmd_id_tree_user = 'id tree_user1@%s' % tree_domain
+        cmd_get_tree_group = 'getent group tree_domain_group@%s' % tree_domain
+        get_tree_group = multihost.client[0].run_command(cmd_get_tree_group,
+                                                         raiseonerr=False)
+        assert get_tree_group.returncode == 0
+        id_tree_user = multihost.client[0].run_command(cmd_id_tree_user,
+                                                       raiseonerr=False)
+        if id_tree_user.returncode == 0:
+            status = 'PASS'
+            find = re.compile(r'tree_domain_group@%s' % tree_domain)
+            get_tree_group_result = find.search(id_tree_user.stdout_text)
+            if get_tree_group_result is True:
+                status = 'FAIL'
+                assert status != 'FAIL'
+
+        cmd_id_tree_conflict_user = 'id tree_user1@%s' % tree_domain
+        cmd_get_tree_conflict_group = 'getent group domain_group@%s' \
+                                      % tree_domain
+        get_tree_conflict_group = multihost.client[0].run_command(
+            cmd_get_tree_conflict_group, raiseonerr=False)
+        assert get_tree_conflict_group.returncode == 0
+        id_tree_conflict_user = multihost.client[0].run_command(
+            cmd_id_tree_conflict_user, raiseonerr=False)
+        if id_tree_conflict_user.returncode == 0:
+            status = 'PASS'
+            find = re.compile(r'domain_group@%s' % tree_domain)
+            get_tree_conflict_group_result = find.search(
+                id_tree_conflict_user.stdout_text)
+            if get_tree_conflict_group_result is True:
+                status = 'FAIL'
+                assert status != 'FAIL'
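Review bot: The negative checks in `test_001_filter_remote_trusted_local_domain_groups` can never fail, because `find.search(...)` returns a match object or `None`, so `if get_child_group_result is True:` (and the same comparison for the tree and conflict groups further down) is always false. This test is what guards the filtering of remote domain-local groups, so a regression that exposes those memberships in `id` output would pass unnoticed. In the post-enable half the `assert status != 'FAIL'` lines are also indented under that `if`, and the first tree-domain block is nested under `if id_child_user.returncode == 0:`, so it is skipped whenever the child lookup fails. Every `if <id>.returncode == 0:` guard likewise lets a failed lookup pass silently; assuming the users are expected to resolve, assert the return code and test the output directly, as sketched below for the default-configuration half. The docstring says the groups "should be found" once the option is enabled, so the post-enable tree and conflict checks probably need the opposite sense, which is worth confirming with the author.

```python
        # … unchanged: adjoin, sssd start, root-domain lookups, child getent check …
        id_child_user = multihost.client[0].run_command(cmd_id_child_user,
                                                        raiseonerr=False)
        assert id_child_user.returncode == 0
        # Plain substring test: no regex, so '.' in the domain is literal.
        assert 'child_domain_group@%s' % child_domain \
            not in id_child_user.stdout_text

        # … unchanged: tree-domain command strings and getent check, dedented one level …
        id_tree_user = multihost.client[0].run_command(
            cmd_id_tree_user, raiseonerr=False)
        assert id_tree_user.returncode == 0
        assert 'tree_domain_group@%s' % tree_domain \
            not in id_tree_user.stdout_text
        # … unchanged: sssd reconfiguration and post-enable lookups …
```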
diff --git a/src/tests/multihost/adsites/pytest.ini b/src/tests/multihost/adsites/pytest.ini
deleted file mode 100644
index 4b0d37efe9..0000000000
--- a/src/tests/multihost/adsites/pytest.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[pytest]
-markers =
-   adsites: tests the require two domain controllers
diff --git a/src/tests/multihost/adsites/test_adsites.py b/src/tests/multihost/adsites/test_adsites.py
deleted file mode 100644
index a277465755..0000000000
--- a/src/tests/multihost/adsites/test_adsites.py
+++ /dev/null
@@ -1,213 +0,0 @@
-from __future__ import print_function
-import time
-import pytest
-from sssd.testlib.common.utils import sssdTools
-
-
-@pytest.mark.adsites
-class Testadsites(object):
-    """
-    @Title: IDM-SSSD-TC: ad_provider: adsites:
-    Improve AD site discovery process
-    Test cases for BZ: 1819012
-
-    @Steps:
-    1. Join client to AD
-    2. Start SSSD and enable debug
-    3. Create secondary site, move second domain controller to second site 
-    """
-    @pytest.mark.adsites
-    def test_001_ad_startup_discovery(self, multihost, adjoin):
-        """
-        @Title: IDM-SSSD-TC: ad_startup_discovery
-        * grep sssd domain logs for cldap ping
-        * grep sssd logs for cldap ping parallel batch
-        * grep sssd logs for cldap ping domain discovery
-        """
-        adjoin(membersw='adcli')
-        client = sssdTools(multihost.client[0], multihost.ad[0])
-        domain = client.get_domain_section_name()
-        domain_section = 'domain/{}'.format(domain)
-        sssd_params = {'debug_level': '0xFFF0'}
-        client.sssd_conf(domain_section, sssd_params)
-
-        ad1 = multihost.ad[0].hostname
-        ad2 = multihost.ad[1].hostname
-        multihost.client[0].service_sssd('start')
-
-        cmd_id = 'id Administrator@%s' % domain
-        multihost.client[0].run_command(cmd_id)
-
-        cmd_check_ping = 'grep -ire ad_cldap_ping_send /var/log/sssd/sssd_%s.log | ' \
-                         'grep -ire \"Found 2 domain controllers in domain ' \
-                         'Default-First-Site-Name._sites.%s\"' % (domain, domain)
-        check_ping = multihost.client[0].run_command(cmd_check_ping, raiseonerr=False)
-        assert check_ping.returncode == 0
-        cmd_check_batch1 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
-                           'grep -ire \" %s\"' % (domain, ad1)
-        check_batch1 = multihost.client[0].run_command(cmd_check_batch1, raiseonerr=False)
-        cmd_check_batch2 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
-                           'grep -ire \" %s\"' % (domain, ad2)
-        check_batch2 = multihost.client[0].run_command(cmd_check_batch2, raiseonerr=False)
-        if check_batch1.returncode == 0 or check_batch2.returncode == 0:
-            assert True
-        else:
-            assert False
-        cmd_check_discovery = 'grep -ire ad_cldap_ping_domain_discovery_done /var/log/sssd/sssd_%s.log | ' \
-                              'grep -ire \"Found 2 domain controllers in domain ' \
-                              'Default-First-Site-Name._sites.%s\"' % (domain, domain)
-        check_discovery = multihost.client[0].run_command(cmd_check_discovery, raiseonerr=False)
-        assert check_discovery.returncode == 0
-
-    @pytest.mark.adsites
-    def test_002_ad_startup_discovery_one_server_unreachable(self, multihost, adjoin):
-        """
-        @Title: IDM-SSSD-TC: ad_startup_discovery_one_server_unreachable
-        * grep sssd domain logs for cldap ping
-        * grep sssd logs for cldap ping parallel batch
-        * grep sssd logs for cldap ping domain discovery
-        """
-        adjoin(membersw='adcli')
-        client = sssdTools(multihost.client[0], multihost.ad[0])
-        domain = client.get_domain_section_name()
-        domain_section = 'domain/{}'.format(domain)
-        sssd_params = {'debug_level': '0xFFF0'}
-        client.sssd_conf(domain_section, sssd_params)
-
-        ad1 = multihost.ad[0].hostname
-        ad2 = multihost.ad[1].hostname
-        ad2ip = multihost.ad[1].ip
-
-        cmd_dnf_firewalld = 'dnf install -y firewalld'
-        multihost.client[0].run_command(cmd_dnf_firewalld)
-        cmd_start_firewalld = 'systemctl start firewalld'
-        multihost.client[0].run_command(cmd_start_firewalld)
-        fw_add = 'firewall-cmd --permanent --direct --add-rule ipv4 ' \
-                 'filter OUTPUT 0 -d %s -j DROP' % ad2ip
-        fw_reload = 'firewall-cmd --reload'
-        multihost.client[0].run_command(fw_add, raiseonerr=True)
-        multihost.client[0].run_command(fw_reload, raiseonerr=True)
-        multihost.client[0].service_sssd('start')
-
-        cmd_check_ping = 'grep -ire ad_cldap_ping_send /var/log/sssd/sssd_%s.log | ' \
-                         'grep -ire \"Found 2 domain controllers in domain ' \
-                         'Default-First-Site-Name._sites.%s\"' % (domain, domain)
-        check_ping = multihost.client[0].run_command(cmd_check_ping, raiseonerr=False)
-        assert check_ping.returncode == 0
-        cmd_check_batch1 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
-                           'grep -ire \" %s\"' % (domain, ad1)
-        check_batch1 = multihost.client[0].run_command(cmd_check_batch1, raiseonerr=False)
-        cmd_check_batch2 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
-                           'grep -ire \" %s\"' % (domain, ad2)
-        check_batch2 = multihost.client[0].run_command(cmd_check_batch2, raiseonerr=False)
-        if check_batch1.returncode == 1 and check_batch2.returncode == 0:
-            assert True
-        else:
-            assert False
-        cmd_check_discovery = 'grep -ire ad_cldap_ping_domain_discovery_done /var/log/sssd/sssd_%s.log | ' \
-                              'grep -ire \"Found 2 domain controllers in domain ' \
-                              'Default-First-Site-Name._sites.%s\"' % (domain, domain)
-        check_discovery = multihost.client[0].run_command(cmd_check_discovery, raiseonerr=False)
-        assert check_discovery.returncode == 0
-
-        fw_stop = 'systemctl stop firewalld'
-        multihost.client[0].run_command(fw_stop, raiseonerr=True)
-        fw_remove = 'dnf remove -y firewalld'
-        multihost.client[0].run_command(fw_remove, raiseonerr=True)
-
-    @pytest.mark.adsites
-    def test_003_ad_startup_discovery_two_different_sites(self, multihost, adjoin, create_site):
-        """
-         @Title: IDM-SSSD-TC: ad_startup_discovery_two_different_sites
-        * grep sssd domain logs for cldap ping
-        * grep sssd logs for cldap ping parallel batch
-        * grep sssd logs for cldap ping domain discovery
-        """
-        adjoin(membersw='adcli')
-        client = sssdTools(multihost.client[0], multihost.ad[0])
-        domain = client.get_domain_section_name()
-        domain_section = 'domain/{}'.format(domain)
-        sssd_params = {'debug_level': '0xFFF0'}
-        client.sssd_conf(domain_section, sssd_params)
-
-        ad1 = multihost.ad[0].hostname
-        ad2 = multihost.ad[1].hostname
-        multihost.client[0].service_sssd('start')
-
-        cmd_check_ping = 'grep -ire ad_cldap_ping_send /var/log/sssd/sssd_%s.log | ' \
-                         'grep -ire \"Found 2 domain controllers in domain ' \
-                         'Default-First-Site-Name._sites.%s\"' % (domain, domain)
-        check_ping = multihost.client[0].run_command(cmd_check_ping, raiseonerr=False)
-        assert check_ping.returncode == 0
-        cmd_check_batch1 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
-                           'grep -ire \" %s\"' % (domain, ad1)
-        check_batch1 = multihost.client[0].run_command(cmd_check_batch1, raiseonerr=False)
-        cmd_check_batch2 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
-                           'grep -ire \" %s\"' % (domain, ad2)
-        check_batch2 = multihost.client[0].run_command(cmd_check_batch2, raiseonerr=False)
-        if check_batch1.returncode == 0 or check_batch2.returncode == 0:
-            assert True
-        else:
-            assert False
-        cmd_check_discovery = 'grep -ire ad_cldap_ping_domain_discovery_done /var/log/sssd/sssd_%s.log | ' \
-                              'grep -ire \"Found 2 domain controllers in domain ' \
-                              'Default-First-Site-Name._sites.%s\"' % (domain, domain)
-        check_discovery = multihost.client[0].run_command(cmd_check_discovery, raiseonerr=False)
-        assert check_discovery.returncode == 0
-
-    @pytest.mark.adsites
-    def test_004_ad_startup_discovery_two_different_sites_one_server_unreachable(self, multihost, adjoin, create_site):
-        """
-        @Title: IDM-SSSD-TC: ad_startup_discovery_two_different_sites_one_server_unreachable
-        * grep sssd domain logs for cldap ping
-        * grep sssd logs for cldap ping parallel batch
-        * grep sssd logs for cldap ping domain discovery
-        """
-        adjoin(membersw='adcli')
-        client = sssdTools(multihost.client[0], multihost.ad[0])
-        domain = client.get_domain_section_name()
-        domain_section = 'domain/{}'.format(domain)
-        sssd_params = {'debug_level': '0xFFF0'}
-        client.sssd_conf(domain_section, sssd_params)
-
-        ad1 = multihost.ad[0].hostname
-        ad2 = multihost.ad[1].hostname
-        ad2ip = multihost.ad[1].ip
-
-        cmd_dnf_firewalld = 'dnf install -y firewalld'
-        multihost.client[0].run_command(cmd_dnf_firewalld)
-        cmd_start_firewalld = 'systemctl start firewalld'
-        multihost.client[0].run_command(cmd_start_firewalld)
-        fw_add = 'firewall-cmd --permanent --direct --add-rule ipv4 ' \
-                 'filter OUTPUT 0 -d %s -j DROP' % ad2ip
-        fw_reload = 'firewall-cmd --reload'
-        multihost.client[0].run_command(fw_add, raiseonerr=True)
-        multihost.client[0].run_command(fw_reload, raiseonerr=True)
-
-        multihost.client[0].service_sssd('start')
-
-        cmd_check_ping = 'grep -ire ad_cldap_ping_send /var/log/sssd/sssd_%s.log | ' \
-                         'grep -ire \"Found 2 domain controllers in domain ' \
-                         'Default-First-Site-Name._sites.%s\"' % (domain, domain)
-        check_ping = multihost.client[0].run_command(cmd_check_ping, raiseonerr=False)
-        assert check_ping.returncode == 0
-        cmd_check_batch1 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
-                           'grep -ire \" %s\"' % (domain, ad1)
-        check_batch1 = multihost.client[0].run_command(cmd_check_batch1, raiseonerr=False)
-        cmd_check_batch2 = 'grep -ire ad_cldap_ping_parallel_batch /var/log/sssd/sssd_%s.log | ' \
-                           'grep -ire \" %s\"' % (domain, ad2)
-        check_batch2 = multihost.client[0].run_command(cmd_check_batch2, raiseonerr=False)
-        if check_batch1.returncode == 1 and check_batch2.returncode == 0:
-            assert True
-        else:
-            assert False
-        cmd_check_discovery = 'grep -ire ad_cldap_ping_domain_discovery_done /var/log/sssd/sssd_%s.log | ' \
-                              'grep -ire \"Found 2 domain controllers in domain ' \
-                              'Default-First-Site-Name._sites.%s\"' % (domain, domain)
-        check_discovery = multihost.client[0].run_command(cmd_check_discovery, raiseonerr=False)
-        assert check_discovery.returncode == 0
-
-        fw_stop = 'systemctl stop firewalld'
-        multihost.client[0].run_command(fw_stop, raiseonerr=True)
-        fw_remove = 'dnf remove -y firewalld'
-        multihost.client[0].run_command(fw_remove, raiseonerr=True)
\ No newline at end of file
diff --git a/src/tests/multihost/sssd/testlib/common/qe_class.py b/src/tests/multihost/sssd/testlib/common/qe_class.py
index 61df8eba3c..958aed3274 100644
--- a/src/tests/multihost/sssd/testlib/common/qe_class.py
+++ b/src/tests/multihost/sssd/testlib/common/qe_class.py
@@ -54,6 +54,13 @@ def get_logger(self, name):
             log.addHandler(handler)
         return log
 
+    def filter(self, descriptions):
+        """
+            Override default behavior to not filter hosts, so that it can work
+                with dynamic topologies.
+        """
+        return
+
 
 class QeBaseHost(pytest_multihost.host.BaseHost):
     """QeBaseHost subclass of multihost plugin BaseHost class."""
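Review bot: The new `filter` override silently discards `descriptions`, and its docstring does not say what callers lose by that. As far as I recall, the base pytest_multihost `Config.filter` trims and orders the host list to the requested topology and raises when it cannot be satisfied, which lets the plugin skip the test. If that holds, a run with too few AD hosts is no longer skipped and instead fails later on lookups such as `multihost.ad[2]` in the new admultidomain test. I would spell that out in the docstring, e.g. `"""No-op override: hosts are neither filtered nor validated against the requested topology, so fixtures must check host counts themselves."""`. The enclosing class starts outside this hunk, so the effect on its other methods is not visible here.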
@@ -291,7 +298,6 @@ def __init__(self, config, name, domain_type):
 
     host_classes = {'default': QeHost, 'windows': QeWinHost}
 
-
 @pytest.fixture(scope="session", autouse=True)
 def session_multihost(request):
     """Multihost plugin fixture for session scope"""