Skip to content

Commit

Permalink
Tests: sudo defaults rule
Browse files Browse the repository at this point in the history
Removed deprecated options
  • Loading branch information
shridhargadekar committed Apr 4, 2024
1 parent 0d5e8f1 commit 9884f2b
Showing 1 changed file with 32 additions and 0 deletions.
32 changes: 32 additions & 0 deletions src/tests/system/tests/test_sudo.py
Original file line number Diff line number Diff line change
Expand Up @@ -556,3 +556,35 @@ def test_sudo__local_users_negative_cache(client: Client, provider: LDAP, sssd_s

result = client.tools.tshark(["-r", "/tmp/sssd.pcap", "-V", "-2", "-R", "ldap.filter"])
assert "uid=user-1" not in result.stdout


@pytest.mark.importance("critical")
@pytest.mark.authorization
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_sudo__defaults_rule(client: Client, provider: GenericProvider):
"""
:title: defaults sudo rule behavior with no authentication
:setup:
1. Create user "user-1"
2. Create a sudorule named default with option '!authenticate'
3. Create a sudorule named allow-user-1 able to run all commands on all hosts with password
authentication require
4. Enable SSSD sudo responder
5. Start SSSD
:steps:
1. List sudo rules for "user-1"
2. Run "sudo /bin/ls root" as user-1
:expectedresults:
1. User is able to run sudo commands on client with password authentication
2. Command is successful without password authentication
:customerscenario: False
"""
provider.user("user-1").add()
provider.sudorule("defaults").add(option="!authenticate")
provider.sudorule("allow-user-1").add(user="user-1", host="ALL", command="ALL")

client.sssd.common.sudo()
client.sssd.start()

assert client.auth.sudo.list("user-1", expected=["(root) ALL"])
assert client.auth.sudo.run("user-1", command="/bin/ls /root")

0 comments on commit 9884f2b

Please sign in to comment.