URL: https://github.com/SSSD/sssd/pull/5792 Author: shridhargadekar Title: #5792: Tests: improve sssd refresh timers for sudo queries Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5792/head:pr5792 git checkout pr5792
From 71856d448963459707a3680bf4adc1656ac4794b Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar <sgade...@sgadekar.pnq.csb> Date: Wed, 22 Sep 2021 15:15:36 +0530 Subject: [PATCH] Tests: improve sssd refresh timers for sudo queries verifies:#5604 bugzilla:https://github.com/shridhargadekar/sssd/pull/new/sssd-3162 --- src/tests/multihost/alltests/conftest.py | 27 +++++++++ src/tests/multihost/alltests/test_sudo.py | 70 +++++++++++++++++++++-- 2 files changed, 93 insertions(+), 4 deletions(-) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 6ace9dfe07..8e4ba6c980 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -424,6 +424,33 @@ def restore_sssd_conf(): request.addfinalizer(restore_sssd_conf) +@pytest.fixture(scope='function') +def sssd_sudo_conf(session_multihost, request): + """ Configure basic sudo parameters in sssd.conf """ + tools = sssdTools(session_multihost.client[0]) + session_multihost.client[0].service_sssd('stop') + tools.remove_sss_cache('/var/lib/sss/db/') + tools.remove_sss_cache('/var/log/sssd') + ldap_uri = 'ldap://%s' % session_multihost.master[0].sys_hostname + section = "sssd" + sssd_params = {'services': 'nss, pam, sudo'} + tools.sssd_conf(section, sssd_params) + sudo_base = 'ou=sudoers,%s' % ds_suffix + params = {'ldap_sudo_search_base': sudo_base, + 'sudo_provider': 'ldap'} + domain_section = 'domain/%s' % ds_instance_name + tools.sssd_conf(domain_section, params, action='update') + ret = session_multihost.client[0].service_sssd('start') + + def restore_sssd_conf(): + """ Restore sssd.conf """ + services = 'nss, pam' + sssd_params = {'services': services} + tools.sssd_conf('sssd', sssd_params) + tools.sssd_conf(domain_section, params, action='delete') + request.addfinalizer(restore_sssd_conf) + + @pytest.fixture(scope='function') def sudo_rule(session_multihost, request): """ Create sudoers ldap entries """ diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index a906eaada2..b221c8c51b 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -184,9 +184,71 @@ def test_randomize_sudo_timeout(self, multihost, same_intvl += 1 index += 1 assert rand_intvl > same_intvl + + @pytest.mark.tier2 + def test_improve_refresh_timers_sudo_timeout(self, multihost, + backupsssdconf, + sssd_sudo_conf, + sudo_rule): + """ + :title: sudo: randomize sudo refresh timeouts + :id: 3860d1b9-28fc-4d44-9537-caf28ab033c8 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925505 + :customerscenario: True + :steps: + 1. Edit sssdconfig and specify sssd smart, full timeout option + 2. Restart sssd with cleared logs and cache + 3. Wait for 40 seconds + 4. Parse logs and confirm sudo full refresh and smart refresh + timeout are not running at same time + 5. If sudo full refresh and smart refresh timeout are scheduled at + same time then smart refresh is rescheduled to the next cycle + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + 4. Should succeed + 5. Should succeed + """ + tools = sssdTools(multihost.client[0]) multihost.client[0].service_sssd('stop') - params = {'ldap_sudo_full_refresh_interval': '25', - 'ldap_sudo_smart_refresh_interval': '15', - 'ldap_sudo_random_offset': '5'} - tools.sssd_conf(domain_section, params, action='delete') + tools.remove_sss_cache('/var/lib/sss/db') + tools.remove_sss_cache('/var/log/sssd') + sudo_base = 'ou=sudoers,dc=example,dc=test' + sudo_uri = "ldap://%s" % multihost.master[0].sys_hostname + params = {'ldap_sudo_full_refresh_interval': '10', + 'ldap_sudo_random_offset': '0', + 'ldap_sudo_smart_refresh_interval': '5'} + domain_section = 'domain/%s' % ds_instance_name + tools.sssd_conf(domain_section, params, action='update') multihost.client[0].service_sssd('start') + time.sleep(40) + logfile = '/var/log/sssd/sssd_%s.log' % ds_instance_name + tmout_ptrn = r"(SUDO.*Refresh.*executing)" + rschdl_ptrn = r"(SUDO.*Refresh.*rescheduling)" + regex_tmout = re.compile("%s" % tmout_ptrn) + rgx_rs_tsmp = re.compile("%s" % rschdl_ptrn) + smart_tmout = [] + full_tmout = [] + full_rfsh_tstp = [] + smrt_rfsh_tstp = [] + rschdl_tstp = [] + log = multihost.client[0].get_file_contents(logfile).decode('utf-8') + for line in log.split('\n'): + if (regex_tmout.findall(line)): + l1 = line.split('):')[0] + l2 = l1.split()[1] + ref_type = line.split()[7] + if ref_type == 'Smart': + smrt_rfsh_tstp.append(l2) + elif ref_type == 'Full': + full_rfsh_tstp.append(l2) + if (rgx_rs_tsmp.findall(line)): + l1 = line.split('):')[0] + l2 = l1.split()[1] + rschdl_tstp.append(l2) + for tm_stamp in full_rfsh_tstp: + if tm_stamp in smrt_rfsh_tstp: + assert tm_stamp in rschdl_tstp + else: + assert tm_stamp not in smrt_rfsh_tstp
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure