URL: https://github.com/SSSD/sssd/pull/5755 Author: aborah-sudo Title: #5755: Tests: support subid ranges managed by FreeIPA Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5755/head:pr5755 git checkout pr5755
From f90aa754b6dd425e1d9231955350c1fa657cfb1b Mon Sep 17 00:00:00 2001 From: Anuj Borah <abo...@redhat.com> Date: Thu, 19 Aug 2021 14:19:26 +0530 Subject: [PATCH] Tests: support subid ranges managed by FreeIPA issue: https://github.com/SSSD/sssd/issues/5197 bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943 --- src/tests/multihost/ipa/conftest.py | 75 ++++++++++++ .../multihost/ipa/data/list_subid_ranges.c | 46 ++++++++ src/tests/multihost/ipa/test_subid_ranges.py | 107 ++++++++++++++++++ 3 files changed, 228 insertions(+) create mode 100644 src/tests/multihost/ipa/data/list_subid_ranges.c create mode 100644 src/tests/multihost/ipa/test_subid_ranges.py diff --git a/src/tests/multihost/ipa/conftest.py b/src/tests/multihost/ipa/conftest.py index f65ae765d3..8a44a58b7a 100644 --- a/src/tests/multihost/ipa/conftest.py +++ b/src/tests/multihost/ipa/conftest.py @@ -16,6 +16,7 @@ from sssd.testlib.ipa.utils import ipaTools from sssd.testlib.common.utils import ADOperations from sssd.testlib.common.paths import SSSD_DEFAULT_CONF +from sssd.testlib.common.utils import SSHClient def pytest_configure(): @@ -165,6 +166,80 @@ def restoresssdconf(): # ==================== Class Scoped Fixtures ================ +@pytest.fixture(scope='class') +def environment_setup(session_multihost, request): + """ + Install necessary packages + """ + session_multihost.client[0].run_command("yum " + "--enablerepo=rhel-CRB install" + " -y shadow-utils*") + session_multihost.client[0].run_command("yum install -y shadow-utils*") + session_multihost.client[0].run_command("yum install -y gcc") + with pytest.raises(subprocess.CalledProcessError): + session_multihost.client[0].run_command(f"grep subid " + f" /etc/nsswitch.conf") + session_multihost.client[0].transport.put_file(os.getcwd() + + '/data/list_subid_ranges.c', + '/tmp/list_subid_ranges.c') + session_multihost.client[0].run_command("gcc /tmp/list_subid_ranges.c" + " -lsubid -o " + "/tmp/list_subid_ranges") + + def remove(): + """ Remove file """ + for file in ['list_subid_ranges', 'list_subid_ranges.c']: + session_multihost.client[0].run_command(f"rm -vf /tmp/{file}") + + request.addfinalizer(remove) + + +@pytest.fixture(scope='class') +def subid_generate(session_multihost, request): + user = "admin" + test_password = "Secret123" + ssh1 = SSHClient(session_multihost.client[0].sys_hostname, + username=user, password=test_password) + (result, result1, exit_status) = ssh1.execute_cmd('kinit', + stdin=test_password) + assert exit_status == 0 + (result, result1, exit_status) = ssh1.exec_command('klist') + assert user in str(result1.read()) + (result, result1, exit_status) = ssh1.exec_command(f"ipa " + f" subid-generate" + f" --owner={user}") + ssh1.close() + + +@pytest.fixture(scope='class') +def bkp_cnfig_for_subid_files(session_multihost, request): + """ Back up """ + session_multihost.client[0].run_command("cp -vf " + "/etc/subuid " + "/tmp/subuid_bkp") + session_multihost.client[0].run_command("cp -vf " + "/etc/subgid " + "/tmp/subgid_bkp") + session_multihost.client[0].run_command("cp -vf " + "/etc/nsswitch.conf " + "/tmp/nsswitch.conf_bkp") + session_multihost.client[0].run_command("echo 'subid: sss' " + ">> /etc/nsswitch.conf") + + def restore(): + """ Restore """ + session_multihost.client[0].run_command("mv -vf " + "/tmp/subuid_bkp " + "/etc/subuid") + session_multihost.client[0].run_command("mv -vf " + "/tmp/subgid_bkp " + "/etc/subgid") + session_multihost.client[0].run_command("mv -vf " + "/tmp/nsswitch.conf_bkp " + "/etc/nsswitch.conf") + request.addfinalizer(restore) + + @pytest.fixture(scope="class") def default_ipa_users(session_multihost, request): """ Create IPA Users foobar0 to foobar9 """ diff --git a/src/tests/multihost/ipa/data/list_subid_ranges.c b/src/tests/multihost/ipa/data/list_subid_ranges.c new file mode 100644 index 0000000000..05d2e8f048 --- /dev/null +++ b/src/tests/multihost/ipa/data/list_subid_ranges.c @@ -0,0 +1,46 @@ + +#include <stdio.h> +#include <string.h> +#include "shadow/subid.h" +#include "stdlib.h" + +const char *Prog; +FILE *shadow_logfd = NULL; + +void usage(void) +{ + fprintf(stderr, "Usage: %s [-g] user\n", Prog); + fprintf(stderr, " list subuid ranges for user\n"); + fprintf(stderr, " pass -g to list subgid ranges\n"); + exit(EXIT_FAILURE); +} + +int main(int argc, char *argv[]) +{ + int i, count=0; + struct subid_range *ranges; + const char *owner; + + Prog = argv[0]; + shadow_logfd = stderr; + if (argc < 2) + usage(); + owner = argv[1]; + if (argc == 3 && strcmp(argv[1], "-g") == 0) { + owner = argv[2]; + count = get_subgid_ranges(owner, &ranges); + } else if (argc == 2 && strcmp(argv[1], "-h") == 0) { + usage(); + } else { + count = get_subuid_ranges(owner, &ranges); + } + if (!ranges) { + fprintf(stderr, "Error fetching ranges\n"); + exit(1); + } + for (i = 0; i < count; i++) { + printf("%d: %s %lu %lu\n", i, owner, + ranges[i].start, ranges[i].count); + } + return 0; +} diff --git a/src/tests/multihost/ipa/test_subid_ranges.py b/src/tests/multihost/ipa/test_subid_ranges.py new file mode 100644 index 0000000000..6c76538868 --- /dev/null +++ b/src/tests/multihost/ipa/test_subid_ranges.py @@ -0,0 +1,107 @@ +""" Automation of IPA bugs """ + +import pytest +import subprocess +import time +import os +from sssd.testlib.common.utils import SSHClient + + +test_password = "Secret123" +user = 'admin' + + +def execute_cmd(multihost, command): + """ Execute command on client """ + cmd = multihost.client[0].run_command(command) + return cmd + + +@pytest.mark.usefixtures('environment_setup', + 'subid_generate', + 'bkp_cnfig_for_subid_files', + 'setup_ipa_client') +@pytest.mark.tier1 +class TestSubid(object): + """ + This is for ipa bugs automation + """ + def test_subid_feature(self, multihost): + """ + :Title: support subid ranges managed by FreeIPA + :id: 50bcdc28-00c8-11ec-bef4-845cf3eff344 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943 + :steps: + 1. Generate subid for user admin + 2. Test newuidmap command + 3. Test newgidmap command + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + """ + ssh1 = SSHClient(multihost.client[0].sys_hostname, + username=user, password=test_password) + (result, result1, exit_status) = ssh1.exec_command(f"ipa " + f"subid-find" + f" --owner " + f"{user}") + user_details = result1.readlines() + uid_start = int(user_details[5].split(': ')[1].split('\n')[0]) + uid_range = int(user_details[6].split(': ')[1].split('\n')[0]) + gid_start = int(user_details[7].split(': ')[1].split('\n')[0]) + gid_range = int(user_details[8].split(': ')[1].split('\n')[0]) + find_admin = f"ps -ef | grep bash | grep {user}" + (results1, results2, results3) = ssh1.exec_command('unshare -U bash') + proces_id = [int(i) for i in execute_cmd(multihost, + find_admin).stdout_text.split() + if i.isdigit()][0] + ssh1.exec_command(f"newuidmap {proces_id} {uid_start} " + f"{uid_start + 1} 1") + ssh1.exec_command(f"newgidmap {proces_id} {gid_start}" + f" {gid_start + 1} 1") + result = execute_cmd(multihost, f"cat /proc/{proces_id}/uid_map") + assert f'{uid_start} {uid_start + 1}' in result.stdout_text + result = execute_cmd(multihost, f"cat /proc/{proces_id}/gid_map") + assert f'{gid_start} {gid_start + 1}' in result.stdout_text + multihost.client[0].run_command(f'kill -9 {proces_id}') + ssh1.close() + + def test_list_subid_ranges(self, multihost): + """ + :Title: support subid ranges managed by FreeIPA + :id: 4ab33f84-00c8-11ec-ad91-845cf3eff344 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943 + :steps: + 1. Configure subid: sss on /etc/nsswitch.conf + 2. Test list_subid_ranges command + 3. Test list_subid_ranges -g command + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + """ + ssh1 = SSHClient(multihost.client[0].sys_hostname, + username=user, password=test_password) + (result, result1, exit_status) = ssh1.execute_cmd('kinit', + stdin=test_password) + assert exit_status == 0 + (result, result1, exit_status) = ssh1.exec_command('klist') + assert user in str(result1.read()) + (result, result1, exit_status) = ssh1.exec_command(f"ipa subid-find" + f" --owner " + f"{user}") + user_details = result1.readlines() + uid_start = int(user_details[5].split(': ')[1].split('\n')[0]) + uid_range = int(user_details[6].split(': ')[1].split('\n')[0]) + gid_start = int(user_details[7].split(': ')[1].split('\n')[0]) + gid_range = int(user_details[8].split(': ')[1].split('\n')[0]) + cmd = multihost.client[0].run_command(f"cd /tmp/; " + f"./list_subid_ranges " + f"{user}") + assert f"{user} {uid_start} {uid_range}" in cmd.stdout_text + cmd = multihost.client[0].run_command(f"cd /tmp/;" + f" ./list_subid_ranges" + f" -g {user}") + assert f"{user} {gid_start} {gid_range}" in cmd.stdout_text + ssh1.close()
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
