Skip to content

Commit

Permalink
tests: authentication, adding override_homedir tests
Browse files Browse the repository at this point in the history 
* moving ad specific test out of authentication and to it's own file
  • Loading branch information
Dan Lavu committed Sep 24, 2024
1 parent b10579f commit b038bfa
Showing 1 changed file with 49 additions and 65 deletions.
114 changes: 49 additions & 65 deletions src/tests/system/tests/test_authentication.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,10 @@
from __future__ import annotations

import pytest
from sssd_test_framework.roles.ad import AD
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.generic import GenericProvider
from sssd_test_framework.roles.ldap import LDAP
from sssd_test_framework.topology import KnownTopologyGroup


Expand Down Expand Up @@ -47,81 +49,63 @@ def test_authentication__with_default_settings(


@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("method", ["su", "ssh"])
@pytest.mark.parametrize(
"sequence",
["user", "uid", "fqn", "domain", "first_letter", "principal", "original", "lower", "substring", "literal%"],
)
@pytest.mark.importance("critical")
def test_authentication__with_overriding_home_directory(
client: Client, provider: GenericProvider, method: str
):
def test_authentication__with_overriding_home_directory(client: Client, provider: GenericProvider, sequence: str):
"""
:title: Authenticate and override the user's home directory
:description:
For simplicity, the home directory is set to '/home/user1' because some providers paths are different.
:setup:
1. Create user
2. Start SSSD and lookup user
3. Configure SSSD with 'override_homedir' values and restart SSSD
1. Backup the /home directory
2. Create user and set home directory to '/home/user1'
3. Start SSSD with mkhomedir configuration and lookup user
4. Configure SSSD with 'override_homedir' sequence value and restart SSSD
:steps:
1. Check home directory path
2. Authenticate user with correct password
3. Check home directory path
:expectedresults if target is None and self.target is None:
self.target = "Default-First-Site-Name"
if target is not None and self.target is None:
self.target = target
args: CLIBuilderArgs = {
"Guid": (self.cli.option.VALUE, self.cn),
"Target": (self.cli.option.VALUE, self.target),
"Enforced": (self.cli.option.VALUE, "Yes" if enforced else "No"),
"LinkEnabled": (self.cli.option.VALUE, "Yes" if not disabled else "No"),
"Order": (self.cli.option.VALUE, order),
}
# The cmdlets take the same arguments, but one is for new links and the other is for existing links.
# This is combined to simplify gpo management.
new_link = self.role.host.conn.run(
self.cli.command("New-GPLink", args),
raise_on_error=False,
)
if new_link.rc != 0:
self.role.host.conn.run(
self.cli.command("Set-GPLink", args),
raise_on_error=False,
)
return self:
1. Home directory does not exist
2. Authentication is successful
3. Home directory exists
1. Login as user and check working directory
:expectedresults:
1. Login is successful and working directory matches the expected value
:customerscenario: False
"""
provider.user("user1").add(password="Secret123")
client.fs.backup("/home")
provider.user("user1").add(password="Secret123", home="/home/user1")
client.sssd.common.mkhomedir()
client.sssd.start()

user = client.tools.getent.passwd("user1")

for i in [
("%u", user.name),
("%U", user.uid),
("%f", f"{user.name}@{client.sssd.default_domain}"),
("%d", client.sssd.default_domain),
("%l", user.name[0]),
("%P", f"{user.name}@{client.sssd.default_domain.upper()}"),
("%o", user.home),
("%h", user.home.lower()),
("%H", f"homedir/{user.name}"),
("%%", "%"),
]:
if i[0] == "%H":
client.sssd.domain["homedir_substring"] = "/home/homedir"
client.sssd.domain["override_homedir"] = f"{i[0]}/%u"
client.sssd.restart()
else:
client.sssd.domain["override_homedir"] = f"/home/{i[0]}"
client.sssd.restart()

assert not client.fs.exists(i[1]), f"Home directory /home/{i[1]} already exists!"
assert client.auth.parametrize(method).password("user1", "Secret123"), "User failed login!"
assert client.fs.exists(i[1]), f"Home directory /home/{i[1]} does not exist!"
assert user is not None

# Sequence dictionary with configuration and expected values
_sequence: dict[str, list[str]] = {
"user": ["/home/%u", f"/home/{user.name}"],
"uid": ["/home/%U", f"/home/{user.uid}"],
"fqn": ["/home/%f", f"/home/{user.name}@{client.sssd.default_domain}"],
"domain": ["/home/%d/%u", f"/home/{client.sssd.default_domain}/{user.name}"],
"first_letter": ["/home/%l", f"/home/{str(user.name)[0]}"],
"principal": ["/home/%P", f"/home/{user.name}@{provider.domain.upper()}"],
"original": ["%o", f"{user.home}"],
"lower": ["%h", f"{user.home}"],
"substring": ["%H/%u", f"/home/homedir/{user.name}"],
"literal%": ["/home/%%/%u", f"/home/%/{user.name}"],
}

# Uses homedir_substring as part of the sequence
for k, v in _sequence.items():
if k == sequence:
if k == "principal" and (isinstance(provider, AD) or isinstance(provider, LDAP)):
pytest.skip("Skipping provider, userPrincipal attribute is not set!")
else:
client.sssd.domain["homedir_substring"] = "/home/homedir"
client.sssd.domain["override_homedir"] = v[0]
client.sssd.restart()

with client.ssh("user1", "Secret123") as ssh:
result = ssh.run("pwd").stdout
assert result is not None, "Getting path failed!"
assert result == v[1], f"Current path {result} is not {v[1]}!"


@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
Expand Down

0 comments on commit b038bfa

Please sign in to comment.