On Wed, Sep 30, 2015 at 06:15:52PM +0300, Nikolai Kondrashov wrote:
Hi everyone,
Here is a patch set fixing some things in integration tests and adding more
LDAP tests:
(Not a full review, just adding my ideas and impressions)
I read these patches when I tried to add tests for the failing POSIX
check. That didn't work out, but at least I have a better idea about the
integration tests now :-)
Most importantly, the current tests are largely using enumeration. That
not wrong and we want this codepath to be tested, but it's not the
default of SSSD, so we want the non-enumeration also.
I also wonder if instead of bool-like parameter that says if we're using
rfc2307 or rfc2307bis we should have a more generic 'schema' parameter.
Both are in some way here:
https://fedorapeople.org/cgit/jhrozek/public_git/sssd.git/commit/?h=intg_...
Most of the (not well formatted) patch is the schema change, you can
also see ldap_schema=ad being added. The test_broken_posix_in_ad()
function also shows a test without enumeration -- I think we want tests
for adding/removing a user/group/membership with rfc2307(bis) schema
along these lines as well.
* Adding/removing a user/group/membership with rfc2307(bis) schema.
* Filtering users/groups with rfc2307(bis) schema.
* The effect of override_homedir option.
* The effect of fallback_homedir option.
* The effect of override_shell option.
* The effect of shell_fallback option.
* The effect of default_shell option.
* The effect of vetoed_shells option.
These are pretty basic, but I think they're good for the start.
Suggestions for more tests are welcome :)
NOTE: These still break test_memory_cache.py as seen in the attached log file.
We need to figure out why and do something with it. Otherwise, the
tests work fine.
Nick
From d09a103901a6f86873f9510152c600a062e255ed Mon Sep 17 00:00:00
2001
From: Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com>
Date: Tue, 29 Sep 2015 20:00:14 +0300
Subject: [PATCH 1/7] intg: Get base DN from LDAP connection object
Don't use the global LDAP_BASE_DN in integration tests and fixtures, but
instead take it from the LDAP connection object (ldap_conn) passed to
them explicitly. This makes the tests and fixtures a bit more modular.
---
src/tests/intg/ldap_test.py | 8 ++++----
src/tests/intg/test_memory_cache.py | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index ea114dc..0287a28 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -105,7 +105,7 @@ def create_sssd_fixture(request):
@pytest.fixture
def sanity_rfc2307(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
@@ -150,7 +150,7 @@ def sanity_rfc2307(request, ldap_conn):
@pytest.fixture
def simple_rfc2307(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user('usr\\\\001', 181818, 181818)
ent_list.add_group("group1", 181818)
@@ -181,7 +181,7 @@ def simple_rfc2307(request, ldap_conn):
@pytest.fixture
def sanity_rfc2307_bis(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
@@ -309,7 +309,7 @@ def test_sanity_rfc2307_bis(ldap_conn, sanity_rfc2307_bis):
@pytest.fixture
def refresh_after_cleanup_task(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_group_bis("group1", 2001, ["user1"])
diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py
index 1f4ccb0..76d85fd 100644
--- a/src/tests/intg/test_memory_cache.py
+++ b/src/tests/intg/test_memory_cache.py
@@ -109,7 +109,7 @@ def create_sssd_fixture(request):
def load_data_to_ldap(request, ldap_conn):
- ent_list = ldap_ent.List(LDAP_BASE_DN)
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
--
2.5.1
From 8eb90565998f43fdc6b9ea3564527620c862f7fb Mon Sep 17 00:00:00
2001
From: Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com>
Date: Tue, 29 Sep 2015 20:13:04 +0300
Subject: [PATCH 2/7] intg: Remove _rfc2307 from function names
Remove "_rfc2307" from integration test function names for brevity.
---
src/tests/intg/ldap_test.py | 12 +++----
src/tests/intg/test_memory_cache.py | 70 ++++++++++++++++++-------------------
2 files changed, 41 insertions(+), 41 deletions(-)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index 0287a28..e359ab4 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -104,7 +104,7 @@ def create_sssd_fixture(request):
@pytest.fixture
-def sanity_rfc2307(request, ldap_conn):
+def sanity(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
@@ -149,7 +149,7 @@ def sanity_rfc2307(request, ldap_conn):
@pytest.fixture
-def simple_rfc2307(request, ldap_conn):
+def simple(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user('usr\\\\001', 181818, 181818)
ent_list.add_group("group1", 181818)
@@ -180,7 +180,7 @@ def simple_rfc2307(request, ldap_conn):
@pytest.fixture
-def sanity_rfc2307_bis(request, ldap_conn):
+def sanity_bis(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
@@ -238,14 +238,14 @@ def sanity_rfc2307_bis(request, ldap_conn):
return None
-def test_regression_ticket2163(ldap_conn, simple_rfc2307):
+def test_regression_ticket2163(ldap_conn, simple):
ent.assert_passwd_by_name(
'usr\\001',
dict(name='usr\\001', passwd='*', uid=181818, gid=181818,
gecos='181818', shell='/bin/bash'))
-def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
+def test_sanity(ldap_conn, sanity):
passwd_pattern = ent.contains_only(
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', dir='/home/user1', shell='/bin/bash'),
dict(name='user2', passwd='*', uid=1002, gid=2002,
gecos='1002', dir='/home/user2', shell='/bin/bash'),
@@ -272,7 +272,7 @@ def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
grp.getgrgid(1)
-def test_sanity_rfc2307_bis(ldap_conn, sanity_rfc2307_bis):
+def test_sanity_bis(ldap_conn, sanity_bis):
passwd_pattern = ent.contains_only(
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', dir='/home/user1', shell='/bin/bash'),
dict(name='user2', passwd='*', uid=1002, gid=2002,
gecos='1002', dir='/home/user2', shell='/bin/bash'),
diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py
index 76d85fd..1a98a53 100644
--- a/src/tests/intg/test_memory_cache.py
+++ b/src/tests/intg/test_memory_cache.py
@@ -131,7 +131,7 @@ def load_data_to_ldap(request, ldap_conn):
@pytest.fixture
-def sanity_rfc2307(request, ldap_conn):
+def sanity(request, ldap_conn):
load_data_to_ldap(request, ldap_conn)
conf = unindent("""\
@@ -156,7 +156,7 @@ def sanity_rfc2307(request, ldap_conn):
@pytest.fixture
-def fqname_rfc2307(request, ldap_conn):
+def fqname(request, ldap_conn):
load_data_to_ldap(request, ldap_conn)
conf = unindent("""\
@@ -182,7 +182,7 @@ def fqname_rfc2307(request, ldap_conn):
@pytest.fixture
-def fqname_case_insensitive_rfc2307(request, ldap_conn):
+def fqname_case_insensitive(request, ldap_conn):
load_data_to_ldap(request, ldap_conn)
conf = unindent("""\
@@ -208,7 +208,7 @@ def fqname_case_insensitive_rfc2307(request, ldap_conn):
return None
-def test_getpwnam(ldap_conn, sanity_rfc2307):
+def test_getpwnam(ldap_conn, sanity):
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
@@ -291,13 +291,13 @@ def test_getpwnam(ldap_conn, sanity_rfc2307):
gecos='1023', shell='/bin/bash'))
-def test_getpwnam_with_mc(ldap_conn, sanity_rfc2307):
- test_getpwnam(ldap_conn, sanity_rfc2307)
+def test_getpwnam_with_mc(ldap_conn, sanity):
+ test_getpwnam(ldap_conn, sanity)
stop_sssd()
- test_getpwnam(ldap_conn, sanity_rfc2307)
+ test_getpwnam(ldap_conn, sanity)
-def test_getgrnam_simple(ldap_conn, sanity_rfc2307):
+def test_getgrnam_simple(ldap_conn, sanity):
ent.assert_group_by_name("group1", dict(name="group1",
gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
@@ -317,13 +317,13 @@ def test_getgrnam_simple(ldap_conn, sanity_rfc2307):
ent.assert_group_by_gid(2020, dict(name="group2x", gid=2020))
-def test_getgrnam_simple_with_mc(ldap_conn, sanity_rfc2307):
- test_getgrnam_simple(ldap_conn, sanity_rfc2307)
+def test_getgrnam_simple_with_mc(ldap_conn, sanity):
+ test_getgrnam_simple(ldap_conn, sanity)
stop_sssd()
- test_getgrnam_simple(ldap_conn, sanity_rfc2307)
+ test_getgrnam_simple(ldap_conn, sanity)
-def test_getgrnam_membership(ldap_conn, sanity_rfc2307):
+def test_getgrnam_membership(ldap_conn, sanity):
ent.assert_group_by_name(
"group1",
dict(mem=ent.contains_only("user1", "user11",
"user21")))
@@ -367,10 +367,10 @@ def test_getgrnam_membership(ldap_conn, sanity_rfc2307):
dict(mem=ent.contains_only("user21", "user22",
"user23")))
-def test_getgrnam_membership_with_mc(ldap_conn, sanity_rfc2307):
- test_getgrnam_membership(ldap_conn, sanity_rfc2307)
+def test_getgrnam_membership_with_mc(ldap_conn, sanity):
+ test_getgrnam_membership(ldap_conn, sanity)
stop_sssd()
- test_getgrnam_membership(ldap_conn, sanity_rfc2307)
+ test_getgrnam_membership(ldap_conn, sanity)
def assert_user_gids_equal(user, expected_gids):
@@ -385,7 +385,7 @@ def assert_user_gids_equal(user, expected_gids):
)
-def test_initgroups(ldap_conn, sanity_rfc2307):
+def test_initgroups(ldap_conn, sanity):
assert_user_gids_equal('user1', [2000, 2001])
assert_user_gids_equal('user2', [2000, 2002])
assert_user_gids_equal('user3', [2000, 2003])
@@ -399,13 +399,13 @@ def test_initgroups(ldap_conn, sanity_rfc2307):
assert_user_gids_equal('user23', [2020, 2003])
-def test_initgroups_with_mc(ldap_conn, sanity_rfc2307):
- test_initgroups(ldap_conn, sanity_rfc2307)
+def test_initgroups_with_mc(ldap_conn, sanity):
+ test_initgroups(ldap_conn, sanity)
stop_sssd()
- test_initgroups(ldap_conn, sanity_rfc2307)
+ test_initgroups(ldap_conn, sanity)
-def test_initgroups_fqname_with_mc(ldap_conn, fqname_rfc2307):
+def test_initgroups_fqname_with_mc(ldap_conn, fqname):
assert_user_gids_equal('user1@LDAP', [2000, 2001])
stop_sssd()
assert_user_gids_equal('user1@LDAP', [2000, 2001])
@@ -447,7 +447,7 @@ def assert_stored_last_initgroups(user1_case1, user1_case2,
user1_case_last,
def test_initgroups_case_insensitive_with_mc1(ldap_conn,
- fqname_case_insensitive_rfc2307):
+ fqname_case_insensitive):
user1_case1 = 'User1@LDAP'
user1_case2 = 'uSer1@LDAP'
user1_case_last = 'usEr1@LDAP'
@@ -459,7 +459,7 @@ def test_initgroups_case_insensitive_with_mc1(ldap_conn,
def test_initgroups_case_insensitive_with_mc2(ldap_conn,
- fqname_case_insensitive_rfc2307):
+ fqname_case_insensitive):
user1_case1 = 'usEr1@LDAP'
user1_case2 = 'User1@LDAP'
user1_case_last = 'uSer1@LDAP'
@@ -471,7 +471,7 @@ def test_initgroups_case_insensitive_with_mc2(ldap_conn,
def test_initgroups_case_insensitive_with_mc3(ldap_conn,
- fqname_case_insensitive_rfc2307):
+ fqname_case_insensitive):
user1_case1 = 'uSer1@LDAP'
user1_case2 = 'usEr1@LDAP'
user1_case_last = 'User1@LDAP'
@@ -510,7 +510,7 @@ def run_simple_test_with_initgroups():
assert_initgroups_equal("user1", 2001, [2000, 2001])
-def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307):
+def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity):
# the sssd cache was empty and not all user's group were
# resolved with getgr{nm,gid}. Therefore there is a change in
@@ -549,7 +549,7 @@ def test_invalidation_of_gids_after_initgroups(ldap_conn,
sanity_rfc2307):
grp.getgrgid(gid)
-def test_initgroups_without_change_in_membership(ldap_conn, sanity_rfc2307):
+def test_initgroups_without_change_in_membership(ldap_conn, sanity):
# the sssd cache was empty and not all user's group were
# resolved with getgr{nm,gid}. Therefore there is a change in
@@ -615,7 +615,7 @@ def assert_missing_mc_records_for_user1():
"User user1, errno:%d" % err
-def test_invalidate_user_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_user_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -628,7 +628,7 @@ def test_invalidate_user_before_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_user_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_user_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -641,7 +641,7 @@ def test_invalidate_user_after_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_users_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_users_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -654,7 +654,7 @@ def test_invalidate_users_before_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_users_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_users_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -667,7 +667,7 @@ def test_invalidate_users_after_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_group_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_group_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -680,7 +680,7 @@ def test_invalidate_group_before_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_group_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_group_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -693,7 +693,7 @@ def test_invalidate_group_after_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_groups_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_groups_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -706,7 +706,7 @@ def test_invalidate_groups_before_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_groups_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_groups_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -719,7 +719,7 @@ def test_invalidate_groups_after_stop(ldap_conn, sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_everything_before_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_everything_before_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
@@ -732,7 +732,7 @@ def test_invalidate_everything_before_stop(ldap_conn,
sanity_rfc2307):
assert_missing_mc_records_for_user1()
-def test_invalidate_everything_after_stop(ldap_conn, sanity_rfc2307):
+def test_invalidate_everything_after_stop(ldap_conn, sanity):
# initialize cache with full ID
(res, errno, _) = sssd_id.get_user_groups("user1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
--
2.5.1
From 866570e06f449981891cdc39d5c67cb677654d8e Mon Sep 17 00:00:00
2001
From: Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com>
Date: Mon, 28 Sep 2015 16:12:48 +0300
Subject: [PATCH 3/7] intg: Add support for specifying all user attrs
Support passing all user attributes to ldap_ent.py's user-creation
functions, in integration tests.
---
src/tests/intg/ldap_ent.py | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/src/tests/intg/ldap_ent.py b/src/tests/intg/ldap_ent.py
index 30eed9d..0bac514 100644
--- a/src/tests/intg/ldap_ent.py
+++ b/src/tests/intg/ldap_ent.py
@@ -18,7 +18,7 @@
#
-def user(base_dn, uid, uidNumber, gidNumber):
+def user(base_dn, uid, uidNumber, gidNumber, **kwargs):
"""
Generate an RFC2307(bis) user add-modlist for passing to ldap.add*
"""
@@ -28,13 +28,23 @@ def user(base_dn, uid, uidNumber, gidNumber):
"uid=" + uid + ",ou=Users," + base_dn,
[
('objectClass', ['top', 'inetOrgPerson',
'posixAccount']),
- ('cn', [uidNumber]),
- ('sn', ['User']),
+ ('cn', [kwargs['cn'] \
+ if 'cn' in kwargs else \
+ uidNumber]),
+ ('sn', [kwargs['sn'] \
+ if 'sn' in kwargs else \
+ 'User']),
('uidNumber', [uidNumber]),
('gidNumber', [gidNumber]),
- ('userPassword', ['Password' + uidNumber]),
- ('homeDirectory', ['/home/' + uid]),
- ('loginShell', ['/bin/bash']),
+ ('userPassword', [kwargs['userPassword'] \
+ if 'userPassword' in kwargs else \
+ 'Password' + uidNumber]),
+ ('homeDirectory', [kwargs['homeDirectory'] \
+ if 'homeDirectory' in kwargs else \
+ '/home/' + uid]),
+ ('loginShell', [kwargs['loginShell'] \
+ if 'loginShell' in kwargs else \
+ '/bin/bash']),
]
)
@@ -86,10 +96,10 @@ class List(list):
self.base_dn = base_dn
def add_user(self, uid, uidNumber, gidNumber,
- base_dn=None):
+ base_dn=None, **kwargs):
"""Add an RFC2307(bis) user add-modlist."""
self.append(user(base_dn or self.base_dn,
- uid, uidNumber, gidNumber))
+ uid, uidNumber, gidNumber, **kwargs))
def add_group(self, cn, gidNumber, member_uids=[],
base_dn=None):
--
2.5.1
From 496f11e16d2949f085f5cc1cf59bfa4fd80090bc Mon Sep 17 00:00:00
2001
From: Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com>
Date: Tue, 29 Sep 2015 20:28:58 +0300
Subject: [PATCH 4/7] intg: Split LDAP test fixtures for flexibility
Split ldap_test.py fixtures into several functions to allow for partial
fixtures and direct use within tests.
---
src/tests/intg/ldap_test.py | 113 ++++++++++++++++++++++++++++++++------------
1 file changed, 83 insertions(+), 30 deletions(-)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index e359ab4..d68a890 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -59,48 +59,101 @@ def ldap_conn(request, ds_inst):
return ldap_conn
-def create_ldap_fixture(request, ldap_conn, ent_list):
- """Add LDAP entries and add teardown for removing
them"""
- for entry in ent_list:
- ldap_conn.add_s(entry[0], entry[1])
- def teardown():
+def create_ldap_entries(ldap_conn, ent_list = None):
+ """Add LDAP entries from ent_list"""
+ if ent_list != None:
+ for entry in ent_list:
+ ldap_conn.add_s(entry[0], entry[1])
+
+
+def cleanup_ldap_entries(ldap_conn, ent_list = None):
+ """Remove LDAP entries added by
create_ldap_entries"""
+ if ent_list == None:
+ for ou in ("Users", "Groups", "Netgroups",
"Services", "Policies"):
+ for entry in ldap_conn.search_s("ou=" + ou + "," +
+ ldap_conn.ds_inst.base_dn,
+ ldap.SCOPE_ONELEVEL,
+ attrlist=[]):
+ ldap_conn.delete_s(entry[0])
+ else:
for entry in ent_list:
ldap_conn.delete_s(entry[0])
- request.addfinalizer(teardown)
-def create_conf_fixture(request, contents):
- """Generate sssd.conf and add teardown for removing
it"""
+def create_ldap_cleanup(request, ldap_conn, ent_list = None):
+ """Add teardown for removing all user/group LDAP
entries"""
+ request.addfinalizer(lambda: cleanup_ldap_entries(ldap_conn, ent_list))
+
+
+def create_ldap_fixture(request, ldap_conn, ent_list = None):
+ """Add LDAP entries and add teardown for removing
them"""
+ create_ldap_entries(ldap_conn, ent_list)
+ create_ldap_cleanup(request, ldap_conn, ent_list)
+
+
+def create_conf_file(contents):
+ """Create sssd.conf with specified contents"""
conf = open(config.CONF_PATH, "w")
conf.write(contents)
conf.close()
os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
- request.addfinalizer(lambda: os.unlink(config.CONF_PATH))
-def create_sssd_fixture(request):
- """Start sssd and add teardown for stopping it and removing
state"""
+def cleanup_conf_file():
+ """Remove sssd.conf, if it exists"""
+ if os.path.lexists(config.CONF_PATH):
+ os.unlink(config.CONF_PATH)
+
+
+def create_conf_cleanup(request):
+ """Add teardown for removing sssd.conf"""
+ request.addfinalizer(cleanup_conf_file)
+
+
+def create_conf_fixture(request, contents):
+ """
+ Create sssd.conf with specified contents and add teardown for removing it
+ """
+ create_conf_file(contents)
+ create_conf_cleanup(request)
+
+
+def create_sssd_process():
+ """Start the SSSD process"""
if subprocess.call(["sssd", "-D", "-f"]) != 0:
raise Exception("sssd start failed")
- def teardown():
- try:
- pid_file = open(config.PIDFILE_PATH, "r")
- pid = int(pid_file.read())
- os.kill(pid, signal.SIGTERM)
- while True:
- try:
- os.kill(pid, signal.SIGCONT)
- except:
- break
- time.sleep(1)
- except:
- pass
- subprocess.call(["sss_cache", "-E"])
- for path in os.listdir(config.DB_PATH):
- os.unlink(config.DB_PATH + "/" + path)
- for path in os.listdir(config.MCACHE_PATH):
- os.unlink(config.MCACHE_PATH + "/" + path)
- request.addfinalizer(teardown)
+
+
+def cleanup_sssd_process():
+ """Stop the SSSD process and remove its state"""
+ try:
+ pid_file = open(config.PIDFILE_PATH, "r")
+ pid = int(pid_file.read())
+ os.kill(pid, signal.SIGTERM)
+ while True:
+ try:
+ os.kill(pid, signal.SIGCONT)
+ except:
+ break
+ time.sleep(1)
+ except:
+ pass
+ subprocess.call(["sss_cache", "-E"])
+ for path in os.listdir(config.DB_PATH):
+ os.unlink(config.DB_PATH + "/" + path)
+ for path in os.listdir(config.MCACHE_PATH):
+ os.unlink(config.MCACHE_PATH + "/" + path)
+
+
+def create_sssd_cleanup(request):
+ """Add teardown for stopping SSSD and removing its
state"""
+ request.addfinalizer(cleanup_sssd_process)
+
+
+def create_sssd_fixture(request):
+ """Start SSSD and add teardown for stopping it and removing its
state"""
+ create_sssd_process()
+ create_sssd_cleanup(request)
@pytest.fixture
--
2.5.1
From f7b700da9e12b877cdb0d2eb24a3c0978c730ddb Mon Sep 17 00:00:00
2001
From: Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com>
Date: Tue, 29 Sep 2015 20:46:06 +0300
Subject: [PATCH 5/7] intg: Reduce sssd.conf duplication in test_ldap.py
Use a function to generate basic sssd.conf in test_ldap.py to reduce
code duplication.
---
src/tests/intg/ldap_test.py | 145 ++++++++++++++------------------------------
1 file changed, 47 insertions(+), 98 deletions(-)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index d68a890..a29f701 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -91,6 +91,42 @@ def create_ldap_fixture(request, ldap_conn, ent_list = None):
create_ldap_cleanup(request, ldap_conn, ent_list)
+def format_basic_conf(ldap_conn, bis, enum):
+ """Format a basic SSSD configuration"""
+ if bis:
+ schema_conf = unindent("""\
+ ldap_schema = rfc2307bis
+ ldap_group_object_class = groupOfNames
+ """)
+ else:
+ schema_conf = unindent("""\
+ ldap_schema = rfc2307
+ """)
+ return unindent("""\
+ [sssd]
+ debug_level = 0xffff
+ domains = LDAP
+ services = nss, pam
+
+ [nss]
+ debug_level = 0xffff
+ memcache_timeout = 0
+
+ [pam]
+ debug_level = 0xffff
+
+ [domain/LDAP]
+ ldap_auth_disable_tls_never_use_in_production = true
+ debug_level = 0xffff
+ enumerate = {enum}
+ {schema_conf}
+ id_provider = ldap
+ auth_provider = ldap
+ ldap_uri = {ldap_conn.ds_inst.ldap_url}
+ ldap_search_base = {ldap_conn.ds_inst.base_dn}
+ """).format(**locals())
+
+
def create_conf_file(contents):
"""Create sssd.conf with specified contents"""
conf = open(config.CONF_PATH, "w")
@@ -172,31 +208,7 @@ def sanity(request, ldap_conn):
ent_list.add_group("two_user_group", 2012, ["user1",
"user2"])
create_ldap_fixture(request, ldap_conn, ent_list)
- conf = unindent("""\
- [sssd]
- debug_level = 0xffff
- domains = LDAP
- services = nss, pam
-
- [nss]
- debug_level = 0xffff
- memcache_timeout = 0
-
- [pam]
- debug_level = 0xffff
-
- [domain/LDAP]
- ldap_auth_disable_tls_never_use_in_production = true
- debug_level = 0xffff
- enumerate = true
- ldap_schema = rfc2307
- id_provider = ldap
- auth_provider = ldap
- sudo_provider = ldap
- ldap_uri = {ldap_conn.ds_inst.ldap_url}
- ldap_search_base = {ldap_conn.ds_inst.base_dn}
- """).format(**locals())
- create_conf_fixture(request, conf)
+ create_conf_fixture(request, format_basic_conf(ldap_conn, False, True))
create_sssd_fixture(request)
return None
@@ -206,28 +218,8 @@ def simple(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user('usr\\\\001', 181818, 181818)
ent_list.add_group("group1", 181818)
-
create_ldap_fixture(request, ldap_conn, ent_list)
-
- conf = unindent("""\
- [sssd]
- config_file_version = 2
- domains = LDAP
- services = nss, pam
-
- [nss]
-
- [pam]
-
- [domain/LDAP]
- ldap_auth_disable_tls_never_use_in_production = true
- ldap_schema = rfc2307
- id_provider = ldap
- auth_provider = ldap
- ldap_uri = {ldap_conn.ds_inst.ldap_url}
- ldap_search_base = {ldap_conn.ds_inst.base_dn}
- """).format(**locals())
- create_conf_fixture(request, conf)
+ create_conf_fixture(request, format_basic_conf(ldap_conn, False, False))
create_sssd_fixture(request)
return None
@@ -260,33 +252,7 @@ def sanity_bis(request, ldap_conn):
[], ["one_user_group1",
"one_user_group2"])
create_ldap_fixture(request, ldap_conn, ent_list)
-
- conf = unindent("""\
- [sssd]
- debug_level = 0xffff
- domains = LDAP
- services = nss, pam
-
- [nss]
- debug_level = 0xffff
- memcache_timeout = 0
-
- [pam]
- debug_level = 0xffff
-
- [domain/LDAP]
- ldap_auth_disable_tls_never_use_in_production = true
- debug_level = 0xffff
- enumerate = true
- ldap_schema = rfc2307bis
- ldap_group_object_class = groupOfNames
- id_provider = ldap
- auth_provider = ldap
- sudo_provider = ldap
- ldap_uri = {ldap_conn.ds_inst.ldap_url}
- ldap_search_base = {ldap_conn.ds_inst.base_dn}
- """).format(**locals())
- create_conf_fixture(request, conf)
+ create_conf_fixture(request, format_basic_conf(ldap_conn, True, True))
create_sssd_fixture(request)
return None
@@ -370,31 +336,14 @@ def refresh_after_cleanup_task(request, ldap_conn):
create_ldap_fixture(request, ldap_conn, ent_list)
- conf = unindent("""\
- [sssd]
- config_file_version = 2
- domains = LDAP
- services = nss
-
- [nss]
- memcache_timeout = 0
-
- [domain/LDAP]
- ldap_auth_disable_tls_never_use_in_production = true
- debug_level = 0xffff
- ldap_schema = rfc2307bis
- ldap_group_object_class = groupOfNames
- id_provider = ldap
- auth_provider = ldap
- sudo_provider = ldap
- ldap_uri = {ldap_conn.ds_inst.ldap_url}
- ldap_search_base = {ldap_conn.ds_inst.base_dn}
-
- entry_cache_user_timeout = 1
- entry_cache_group_timeout = 5000
- ldap_purge_cache_timeout = 3
-
- """).format(**locals())
+ conf = \
+ format_basic_conf(ldap_conn, True, False) + \
+ unindent("""
+ [domain/LDAP]
+ entry_cache_user_timeout = 1
+ entry_cache_group_timeout = 5000
+ ldap_purge_cache_timeout = 3
+ """).format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
--
2.5.1
From e1feef5e13125301e0281de102f56b2301c5cc89 Mon Sep 17 00:00:00
2001
From: Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com>
Date: Wed, 30 Sep 2015 14:13:22 +0300
Subject: [PATCH 6/7] intg: Fix RFC2307bis group member creation
Fix creation of mixed user/group "member" attribute for RFC2307bis
group entries in ldap_ent.py.
---
src/tests/intg/ldap_ent.py | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/src/tests/intg/ldap_ent.py b/src/tests/intg/ldap_ent.py
index 0bac514..1407349 100644
--- a/src/tests/intg/ldap_ent.py
+++ b/src/tests/intg/ldap_ent.py
@@ -72,20 +72,13 @@ def group_bis(base_dn, cn, gidNumber, member_uids=[],
member_gids=[]):
('objectClass', ['top', 'extensibleObject',
'groupOfNames']),
('gidNumber', [gidNumber])
]
- if len(member_uids) > 0:
- attr_list.append(
- ('member', [
- "uid=" + uid + ",ou=Users," + base_dn for
- uid in member_uids
- ])
- )
- if len(member_gids) > 0:
- attr_list.append(
- ('member', [
- "cn=" + gid + ",ou=Groups," + base_dn for
- gid in member_gids
- ])
- )
+ member_list = []
+ for uid in member_uids:
+ member_list.append("uid=" + uid + ",ou=Users," + base_dn)
+ for gid in member_gids:
+ member_list.append("cn=" + gid + ",ou=Groups," + base_dn)
+ if len(member_list) > 0:
+ attr_list.append(('member', member_list))
return ("cn=" + cn + ",ou=Groups," + base_dn, attr_list)
--
2.5.1
From 72222b8fbc565de66874cfaa62ea0213ebf0f5a9 Mon Sep 17 00:00:00
2001
From: Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com>
Date: Tue, 29 Sep 2015 21:18:18 +0300
Subject: [PATCH 7/7] intg: Add more LDAP tests
Add a bunch of LDAP tests.
* Adding/removing a user/group/membership with rfc2307(bis) schema.
* Filtering users/groups with rfc2307(bis) schema.
* The effect of override_homedir option.
* The effect of fallback_homedir option.
* The effect of override_shell option.
* The effect of shell_fallback option.
* The effect of default_shell option.
* The effect of vetoed_shells option.
---
src/tests/intg/ldap_test.py | 536 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 536 insertions(+)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/ldap_test.py
index a29f701..b20d648 100644
--- a/src/tests/intg/ldap_test.py
+++ b/src/tests/intg/ldap_test.py
@@ -127,6 +127,23 @@ def format_basic_conf(ldap_conn, bis, enum):
""").format(**locals())
+def format_interactive_conf(ldap_conn, bis):
+ """Format an SSSD configuration with all caches refreshing in 4
seconds"""
+ return \
+ format_basic_conf(ldap_conn, bis, True) + \
+ unindent("""
+ [nss]
+ memcache_timeout = 4
+ enum_cache_timeout = 4
+ entry_negative_timeout = 4
+
+ [domain/LDAP]
+ ldap_enumeration_refresh_timeout = 4
+ ldap_purge_cache_timeout = 1
+ entry_cache_timeout = 4
+ """)
+
+
def create_conf_file(contents):
"""Create sssd.conf with specified contents"""
conf = open(config.CONF_PATH, "w")
@@ -368,3 +385,522 @@ def test_refresh_after_cleanup_task(ldap_conn,
refresh_after_cleanup_task):
ent.assert_group_by_name(
"group2",
dict(mem=ent.contains_only("user1")))
+
+
+(a)pytest.fixture
+def blank(request, ldap_conn):
+ """Create blank RFC2307 directory fixture with interactive SSSD
conf"""
+ create_ldap_cleanup(request, ldap_conn)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, False))
+ create_sssd_fixture(request)
+
+
+(a)pytest.fixture
+def blank_bis(request, ldap_conn):
+ """Create blank RFC2307bis directory fixture with interactive SSSD
conf"""
+ create_ldap_cleanup(request, ldap_conn)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, True))
+ create_sssd_fixture(request)
+
+
+(a)pytest.fixture
+def user_and_group(request, ldap_conn):
+ """
+ Create an RFC2307 directory fixture with interactive SSSD conf,
+ one user and one group
+ """
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user", 1001, 2000)
+ ent_list.add_group("group", 2001)
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, False))
+ create_sssd_fixture(request)
+ return None
+
+
+(a)pytest.fixture
+def user_and_groups_bis(request, ldap_conn):
+ """
+ Create an RFC2307bis directory fixture with interactive SSSD conf,
+ one user and two groups
+ """
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user", 1001, 2000)
+ ent_list.add_group_bis("group1", 2001)
+ ent_list.add_group_bis("group2", 2002)
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, True))
+ create_sssd_fixture(request)
+ return None
+
+
+def test_add_remove_user(ldap_conn, blank):
+ """Test user addition and removal are reflected by
SSSD"""
+ e = ldap_ent.user(ldap_conn.ds_inst.base_dn, "user", 1001, 2000)
+ time.sleep(2)
+ # Add the user
+ ent.assert_passwd(ent.contains_only())
+ ldap_conn.add_s(*e)
+ ent.assert_passwd(ent.contains_only())
+ time.sleep(4)
+ ent.assert_passwd(ent.contains_only(dict(name="user", uid=1001)))
+ # Remove the user
+ ldap_conn.delete_s(e[0])
+ ent.assert_passwd(ent.contains_only(dict(name="user", uid=1001)))
+ time.sleep(4)
+ ent.assert_passwd(ent.contains_only())
+
+
+def test_add_remove_group(ldap_conn, blank):
+ """Test RFC2307 group addition and removal are reflected by
SSSD"""
+ e = ldap_ent.group(ldap_conn.ds_inst.base_dn, "group", 2001)
+ time.sleep(2)
+ # Add the group
+ ent.assert_group(ent.contains_only())
+ ldap_conn.add_s(*e)
+ ent.assert_group(ent.contains_only())
+ time.sleep(4)
+ ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
+ # Remove the group
+ ldap_conn.delete_s(e[0])
+ ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
+ time.sleep(4)
+ ent.assert_group(ent.contains_only())
+
+
+def test_add_remove_group_bis(ldap_conn, blank_bis):
+ """Test RFC2307bis group addition and removal are reflected by
SSSD"""
+ e = ldap_ent.group_bis(ldap_conn.ds_inst.base_dn, "group", 2001)
+ time.sleep(2)
+ # Add the group
+ ent.assert_group(ent.contains_only())
+ ldap_conn.add_s(*e)
+ ent.assert_group(ent.contains_only())
+ time.sleep(4)
+ ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
+ # Remove the group
+ ldap_conn.delete_s(e[0])
+ ent.assert_group(ent.contains_only(dict(name="group", gid=2001)))
+ time.sleep(4)
+ ent.assert_group(ent.contains_only())
+
+
+def test_add_remove_membership(ldap_conn, user_and_group):
+ """Test user membership addition and removal are reflected by
SSSD"""
+ time.sleep(2)
+ # Add user to group
+ ent.assert_group_by_name("group", dict(mem = ent.contains_only()))
+ ldap_conn.modify_s("cn=group,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_REPLACE, "memberUid", "user")])
+ ent.assert_group_by_name("group", dict(mem = ent.contains_only()))
+ time.sleep(4)
+ ent.assert_group_by_name("group", dict(mem =
ent.contains_only("user")))
+ # Remove user from group
+ ldap_conn.modify_s("cn=group,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_DELETE, "memberUid", None)])
+ ent.assert_group_by_name("group", dict(mem =
ent.contains_only("user")))
+ time.sleep(4)
+ ent.assert_group_by_name("group", dict(mem = ent.contains_only()))
+
+
+def test_add_remove_membership_bis(ldap_conn, user_and_groups_bis):
+ """
+ Test user and group membership addition and removal are reflected by SSSD,
+ with RFC2307bis schema
+ """
+ time.sleep(2)
+ # Add user to group1
+ ent.assert_group_by_name("group1", dict(mem = ent.contains_only()))
+ ldap_conn.modify_s("cn=group1,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_REPLACE, "member",
+ "uid=user,ou=Users," + ldap_conn.ds_inst.base_dn)])
+ ent.assert_group_by_name("group1", dict(mem = ent.contains_only()))
+ time.sleep(4)
+ ent.assert_group_by_name("group1", dict(mem =
ent.contains_only("user")))
+
+ # Add group1 to group2
+ ldap_conn.modify_s("cn=group2,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_REPLACE, "member",
+ "cn=group1,ou=Groups," +
ldap_conn.ds_inst.base_dn)])
+ ent.assert_group_by_name("group2", dict(mem = ent.contains_only()))
+ time.sleep(4)
+ ent.assert_group_by_name("group2", dict(mem =
ent.contains_only("user")))
+
+ # Remove group1 from group2
+ ldap_conn.modify_s("cn=group2,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_DELETE, "member", None)])
+ ent.assert_group_by_name("group2", dict(mem =
ent.contains_only("user")))
+ time.sleep(4)
+ ent.assert_group_by_name("group2", dict(mem = ent.contains_only()))
+
+ # Remove user from group1
+ ldap_conn.modify_s("cn=group1,ou=Groups," + ldap_conn.ds_inst.base_dn,
+ [(ldap.MOD_DELETE, "member", None)])
+ ent.assert_group_by_name("group1", dict(mem =
ent.contains_only("user")))
+ time.sleep(4)
+ ent.assert_group_by_name("group1", dict(mem = ent.contains_only()))
+
+
+(a)pytest.fixture
+def blank(request, ldap_conn):
+ """Create blank RFC2307 directory fixture with interactive SSSD
conf"""
+ create_ldap_cleanup(request, ldap_conn)
+ create_conf_fixture(request, format_interactive_conf(ldap_conn, False))
+ create_sssd_fixture(request)
+
+
+(a)pytest.fixture
+def void_conf(request):
+ create_conf_cleanup(request)
+
+
+(a)pytest.fixture
+def void_sssd(request):
+ create_sssd_cleanup(request)
+
+
+(a)pytest.fixture
+def three_users_three_groups(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2001)
+ ent_list.add_user("user2", 1002, 2002)
+ ent_list.add_user("user3", 1003, 2003)
+ ent_list.add_group("group1", 2001, ["user1"])
+ ent_list.add_group("group2", 2002, ["user2"])
+ ent_list.add_group("group3", 2003, ["user3"])
+ create_ldap_fixture(request, ldap_conn, ent_list)
+
+
+def test_filter_users(request, ldap_conn, three_users_three_groups,
+ void_conf, void_sssd):
+ """Test the effect of the "filter_users"
option"""
+ all_users = frozenset([1, 2, 3])
+ for filter_users_in_groups in [False, True]:
+ for filter_users in [frozenset([]),
+ frozenset([1]),
+ frozenset([1, 2]),
+ frozenset([1, 2, 3])]:
+ unfiltered_users = all_users - filter_users
+ filter_users_str = ",".join(map(lambda i: "user" +
str(i),
+ filter_users))
+
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""
+ [nss]
+ filter_users = {filter_users_str}
+ filter_users_in_groups = {filter_users_in_groups}
+ """).format(**locals())
+ create_conf_file(conf)
+ create_sssd_process()
+ ent.assert_passwd(
+ ent.contains_only(
+ *map(
+ lambda i: \
+ dict(name = "user" + str(i), uid = 1000 + i),
+ unfiltered_users
+ )
+ )
+ )
+ ent.assert_group(
+ ent.contains_only(
+ *map(
+ lambda i: \
+ dict(
+ name = "group" + str(i),
+ gid = 2000 + i,
+ mem = ent.contains_only() \
+ if filter_users_in_groups and \
+ i in filter_users else \
+ ent.contains_only("user" +
str(i))
+ ),
+ all_users
+ )
+ )
+ )
+ cleanup_sssd_process()
+ cleanup_conf_file()
+
+
+def test_filter_groups(request, ldap_conn, three_users_three_groups,
+ void_conf, void_sssd):
+ """Test the effect of the "filter_groups" option with
RFC2307 groups"""
+ all_groups = frozenset([1, 2, 3])
+ for filter_groups in [frozenset([]),
+ frozenset([1]),
+ frozenset([1, 2]),
+ frozenset([1, 2, 3])]:
+ unfiltered_groups = all_groups - filter_groups
+ filter_groups_str = ",".join(map(lambda i: "group" +
str(i),
+ filter_groups))
+
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""
+ [nss]
+ filter_groups = {filter_groups_str}
+ """).format(**locals())
+ create_conf_file(conf)
+ create_sssd_process()
+ ent.assert_group(
+ ent.contains_only(
+ *map(
+ lambda i: \
+ dict(
+ name = "group" + str(i),
+ gid = 2000 + i,
+ mem = ent.contains_only("user" + str(i))
+ ),
+ unfiltered_groups
+ )
+ )
+ )
+ cleanup_sssd_process()
+ cleanup_conf_file()
+
+
+(a)pytest.fixture
+def three_users_three_groups_bis(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2001)
+ ent_list.add_user("user2", 1002, 2002)
+ ent_list.add_user("user3", 1003, 2003)
+ ent_list.add_group_bis("group1", 2001, ["user1"])
+ ent_list.add_group_bis("group2", 2002, ["user2"],
["group1"])
+ ent_list.add_group_bis("group3", 2003, ["user3"],
["group2"])
+ create_ldap_fixture(request, ldap_conn, ent_list)
+
+
+def test_filter_groups_bis(request, ldap_conn, three_users_three_groups_bis,
+ void_conf, void_sssd):
+ """Test the effect of the "filter_groups" option with
RFC2307bis groups"""
+ all_groups = frozenset([1, 2, 3])
+ for filter_groups in [frozenset([]),
+ frozenset([1]),
+ frozenset([1, 2]),
+ frozenset([1, 2, 3])]:
+ unfiltered_groups = all_groups - filter_groups
+ filter_groups_str = ",".join(map(lambda i: "group" +
str(i),
+ filter_groups))
+
+ conf = \
+ format_basic_conf(ldap_conn, True, True) + \
+ unindent("""
+ [nss]
+ filter_groups = {filter_groups_str}
+ """).format(**locals())
+ create_conf_file(conf)
+ create_sssd_process()
+ ent.assert_group(
+ ent.contains_only(
+ *map(
+ lambda i: \
+ dict(
+ name = "group" + str(i),
+ gid = 2000 + i,
+ mem = ent.contains_only(
+ *map(lambda j: "user" + str(j),
+ range(1, i + 1)))
+ ),
+ unfiltered_groups
+ )
+ )
+ )
+ cleanup_sssd_process()
+ cleanup_conf_file()
+
+
+(a)pytest.fixture
+def override_homedir(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_homedir_A", 1001, 2001,
+ homeDirectory = "/home/A")
+ ent_list.add_user("user_with_homedir_B", 1002, 2002,
+ homeDirectory = "/home/B")
+ ent_list.add_user("user_with_empty_homedir", 1003, 2003,
+ homeDirectory = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ override_homedir = /home/B
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_override_homedir(override_homedir):
+ """Test the effect of the "override_homedir"
option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_homedir_A", uid=1001,
dir="/home/B"),
+ dict(name="user_with_homedir_B", uid=1002,
dir="/home/B"),
+ dict(name="user_with_empty_homedir", uid=1003,
dir="/home/B")
+ )
+ )
+
+
+(a)pytest.fixture
+def fallback_homedir(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_homedir_A", 1001, 2001,
+ homeDirectory = "/home/A")
+ ent_list.add_user("user_with_homedir_B", 1002, 2002,
+ homeDirectory = "/home/B")
+ ent_list.add_user("user_with_empty_homedir", 1003, 2003,
+ homeDirectory = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ fallback_homedir = /home/B
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_fallback_homedir(fallback_homedir):
+ """Test the effect of the "fallback_homedir"
option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_homedir_A", uid=1001,
dir="/home/A"),
+ dict(name="user_with_homedir_B", uid=1002,
dir="/home/B"),
+ dict(name="user_with_empty_homedir", uid=1003,
dir="/home/B")
+ )
+ )
+
+
+(a)pytest.fixture
+def override_shell(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_shell_A", 1001, 2001,
+ loginShell = "/bin/A")
+ ent_list.add_user("user_with_shell_B", 1002, 2002,
+ loginShell = "/bin/B")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ override_shell = /bin/B
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_override_shell(override_shell):
+ """Test the effect of the "override_shell"
option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_shell_A", uid=1001,
shell="/bin/B"),
+ dict(name="user_with_shell_B", uid=1002,
shell="/bin/B"),
+ dict(name="user_with_empty_shell", uid=1003,
shell="/bin/B")
+ )
+ )
+
+
+(a)pytest.fixture
+def shell_fallback(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_sh_shell", 1001, 2001,
+ loginShell = "/bin/sh")
+ ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
+ loginShell = "/bin/not_installed")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ shell_fallback = /bin/fallback
+ allowed_shells = /bin/not_installed
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_shell_fallback(shell_fallback):
+ """Test the effect of the "shell_fallback"
option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_sh_shell", uid=1001,
shell="/bin/sh"),
+ dict(name="user_with_not_installed_shell", uid=1002,
+ shell="/bin/fallback"),
+ dict(name="user_with_empty_shell", uid=1003, shell="")
+ )
+ )
+
+
+(a)pytest.fixture
+def default_shell(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_sh_shell", 1001, 2001,
+ loginShell = "/bin/sh")
+ ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
+ loginShell = "/bin/not_installed")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ default_shell = /bin/default
+ allowed_shells = /bin/default, /bin/not_installed
+ shell_fallback = /bin/fallback
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_default_shell(default_shell):
+ """Test the effect of the "default_shell"
option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_sh_shell", uid=1001,
shell="/bin/sh"),
+ dict(name="user_with_not_installed_shell", uid=1002,
+ shell="/bin/fallback"),
+ dict(name="user_with_empty_shell", uid=1003,
+ shell="/bin/default")
+ )
+ )
+
+
+(a)pytest.fixture
+def vetoed_shells(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_sh_shell", 1001, 2001,
+ loginShell = "/bin/sh")
+ ent_list.add_user("user_with_vetoed_shell", 1002, 2002,
+ loginShell = "/bin/vetoed")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell = "")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, False, True) + \
+ unindent("""\
+ [nss]
+ default_shell = /bin/default
+ vetoed_shells = /bin/vetoed
+ shell_fallback = /bin/fallback
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_vetoed_shells(vetoed_shells):
+ """Test the effect of the "vetoed_shells"
option"""
+ ent.assert_passwd(
+ ent.contains_only(
+ dict(name="user_with_sh_shell", uid=1001,
shell="/bin/sh"),
+ dict(name="user_with_vetoed_shell", uid=1002,
+ shell="/bin/fallback"),
+ dict(name="user_with_empty_shell", uid=1003,
+ shell="/bin/default")
+ )
+ )
--
2.5.1
____________________________________________________________________________________________________________________________________________________
test_getpwnam_with_mc
____________________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 297, in test_getpwnam_with_mc
test_getpwnam(ldap_conn, sanity_rfc2307)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 215, in test_getpwnam
gecos='1001', shell='/bin/bash'))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 218, in assert_passwd_by_name
assert False, err
AssertionError: 'getpwnam(): name not found: user1'
________________________________________________________________________________________________________________________________________________
test_getgrnam_simple_with_mc
_________________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 323, in test_getgrnam_simple_with_mc
test_getgrnam_simple(ldap_conn, sanity_rfc2307)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 301, in test_getgrnam_simple
ent.assert_group_by_name("group1", dict(name="group1",
gid=2001))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 378, in assert_group_by_name
assert False, err
AssertionError: 'getgrnam(): name not found: group1'
______________________________________________________________________________________________________________________________________________
test_getgrnam_membership_with_mc
_______________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 373, in test_getgrnam_membership_with_mc
test_getgrnam_membership(ldap_conn, sanity_rfc2307)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 329, in test_getgrnam_membership
dict(mem=ent.contains_only("user1", "user11",
"user21")))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 378, in assert_group_by_name
assert False, err
AssertionError: 'getgrnam(): name not found: group1'
___________________________________________________________________________________________________________________________________________________
test_initgroups_with_mc
___________________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 405, in test_initgroups_with_mc
test_initgroups(ldap_conn, sanity_rfc2307)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 389, in test_initgroups
assert_user_gids_equal('user1', [2000, 2001])
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 377, in assert_user_gids_equal
(res, errno, gids) = sssd_id.get_user_gids(user)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/sssd_id.py", line
91, in get_user_gids
pwd_user = pwd.getpwnam(user)
KeyError: 'getpwnam(): name not found: user1'
_______________________________________________________________________________________________________________________________________________
test_initgroups_fqname_with_mc
________________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 411, in test_initgroups_fqname_with_mc
assert_user_gids_equal('user1@LDAP', [2000, 2001])
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 377, in assert_user_gids_equal
(res, errno, gids) = sssd_id.get_user_gids(user)
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/sssd_id.py", line
91, in get_user_gids
pwd_user = pwd.getpwnam(user)
KeyError: 'getpwnam(): name not found: user1@LDAP'
_________________________________________________________________________________________________________________________________________
test_invalidation_of_gids_after_initgroups
__________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 526, in test_invalidation_of_gids_after_initgroups
gecos='1001', shell='/bin/bash'))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 218, in assert_passwd_by_name
assert False, err
AssertionError: 'getpwnam(): name not found: user1'
________________________________________________________________________________________________________________________________________
test_initgroups_without_change_in_membership
_________________________________________________________________________________________________________________________________________
Traceback (most recent call last):
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 570, in test_initgroups_without_change_in_membership
run_simple_test_with_initgroups()
File
"/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/test_memory_cache.py",
line 489, in run_simple_test_with_initgroups
gecos='1001', shell='/bin/bash'))
File "/home/nkondras/projects/fedorahosted.org/sssd/src/tests/intg/ent.py",
line 218, in assert_passwd_by_name
assert False, err
AssertionError: 'getpwnam(): name not found: user1'
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel