Tests: sudo defaults rule

Fixed minor doc-string set up
SSSD · Apr 4, 2024 · 1856bef · 1856bef
1 parent 0d5e8f1
commit 1856bef
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/src/tests/system/tests/test_sudo.py b/src/tests/system/tests/test_sudo.py
@@ -556,3 +556,35 @@ def test_sudo__local_users_negative_cache(client: Client, provider: LDAP, sssd_s
 
     result = client.tools.tshark(["-r", "/tmp/sssd.pcap", "-V", "-2", "-R", "ldap.filter"])
     assert "uid=user-1" not in result.stdout
+
+
+@pytest.mark.importance("critical")
+@pytest.mark.authorization
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_sudo__defaults_rule(client: Client, provider: GenericProvider):
+    """
+    :title: defaults sudo rule behavior with no authentication
+    :setup:
+        1. Create user "user-1"
+        2. Create a sudorule named defaults with option '!authenticate'
+        3. Create a sudorule named allow-user-1 to allow user-1 to run all commands on all hosts with password
+           authentication required
+        4. Enable SSSD sudo responder
+        5. Start SSSD
+    :steps:
+        1. List sudo rules for "user-1"
+        2. Run "sudo /bin/ls root" as user-1
+    :expectedresults:
+        1. User is able to run sudo commands on client with password authentication
+        2. Command is successful without password authentication
+    :customerscenario: False
+    """
+    provider.user("user-1").add()
+    provider.sudorule("defaults").add(option="!authenticate")
+    provider.sudorule("allow-user-1").add(user="user-1", host="ALL", command="ALL")
+
+    client.sssd.common.sudo()
+    client.sssd.start()
+
+    assert client.auth.sudo.list("user-1", expected=["(root) ALL"])
+    assert client.auth.sudo.run("user-1", command="/bin/ls /root")