From b038bfa5a5a22a68876cb7fdd77c653f533b1c8f Mon Sep 17 00:00:00 2001
From: Dan Lavu
Date: Mon, 23 Sep 2024 21:31:47 -0400
Subject: [PATCH] tests: authentication, adding override_homedir tests * moving ad specific test out of authentication and to it's own file
---
 src/tests/system/tests/test_authentication.py | 114 ++++++++----------
 1 file changed, 49 insertions(+), 65 deletions(-)
diff --git a/src/tests/system/tests/test_authentication.py b/src/tests/system/tests/test_authentication.py
index bf378249b3c..f773de30e52 100644
--- a/src/tests/system/tests/test_authentication.py
+++ b/src/tests/system/tests/test_authentication.py
@@ -7,8 +7,10 @@
 from __future__ import annotations
 import pytest
+from sssd_test_framework.roles.ad import AD
 from sssd_test_framework.roles.client import Client
 from sssd_test_framework.roles.generic import GenericProvider
+from sssd_test_framework.roles.ldap import LDAP
 from sssd_test_framework.topology import KnownTopologyGroup
@@ -47,81 +49,63 @@ def test_authentication__with_default_settings( @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -@pytest.mark.parametrize("method", ["su", "ssh"]) +@pytest.mark.parametrize( + "sequence", + ["user", "uid", "fqn", "domain", "first_letter", "principal", "original", "lower", "substring", "literal%"], +) @pytest.mark.importance("critical") -def test_authentication__with_overriding_home_directory( - client: Client, provider: GenericProvider, method: str -): +def test_authentication__with_overriding_home_directory(client: Client, provider: GenericProvider, sequence: str): """ :title: Authenticate and override the user's home directory + :description: + For simplicity, the home directory is set to '/home/user1' because some providers paths are different. :setup: - 1. Create user - 2. Start SSSD and lookup user - 3. Configure SSSD with 'override_homedir' values and restart SSSD + 1. Backup the /home directory + 2. Create user and set home directory to '/home/user1' + 3. Start SSSD with mkhomedir configuration and lookup user + 4. Configure SSSD with 'override_homedir' sequence value and restart SSSD :steps: - 1. Check home directory path - 2. Authenticate user with correct password - 3. Check home directory path - :expectedresults if target is None and self.target is None: - self.target = "Default-First-Site-Name" - - if target is not None and self.target is None: - self.target = target - - args: CLIBuilderArgs = { - "Guid": (self.cli.option.VALUE, self.cn), - "Target": (self.cli.option.VALUE, self.target), - "Enforced": (self.cli.option.VALUE, "Yes" if enforced else "No"), - "LinkEnabled": (self.cli.option.VALUE, "Yes" if not disabled else "No"), - "Order": (self.cli.option.VALUE, order), - } - - # The cmdlets take the same arguments, but one is for new links and the other is for existing links. - # This is combined to simplify gpo management. 
- new_link = self.role.host.conn.run( - self.cli.command("New-GPLink", args), - raise_on_error=False, - ) - if new_link.rc != 0: - self.role.host.conn.run( - self.cli.command("Set-GPLink", args), - raise_on_error=False, - ) - - return self: - 1. Home directory does not exist - 2. Authentication is successful - 3. Home directory exists + 1. Login as user and check working directory + :expectedresults: + 1. Login is successful and working directory matches the expected value :customerscenario: False """ - provider.user("user1").add(password="Secret123") + client.fs.backup("/home") + provider.user("user1").add(password="Secret123", home="/home/user1") + client.sssd.common.mkhomedir() client.sssd.start() user = client.tools.getent.passwd("user1") - - for i in [ - ("%u", user.name), - ("%U", user.uid), - ("%f", f"{user.name}@{client.sssd.default_domain}"), - ("%d", client.sssd.default_domain), - ("%l", user.name[0]), - ("%P", f"{user.name}@{client.sssd.default_domain.upper()}"), - ("%o", user.home), - ("%h", user.home.lower()), - ("%H", f"homedir/{user.name}"), - ("%%", "%"), - ]: - if i[0] == "%H": - client.sssd.domain["homedir_substring"] = "/home/homedir" - client.sssd.domain["override_homedir"] = f"{i[0]}/%u" - client.sssd.restart() - else: - client.sssd.domain["override_homedir"] = f"/home/{i[0]}" - client.sssd.restart() - - assert not client.fs.exists(i[1]), f"Home directory /home/{i[1]} already exists!" - assert client.auth.parametrize(method).password("user1", "Secret123"), "User failed login!" - assert client.fs.exists(i[1]), f"Home directory /home/{i[1]} does not exist!" 
+ assert user is not None + + # Sequence dictionary with configuration and expected values + _sequence: dict[str, list[str]] = { + "user": ["/home/%u", f"/home/{user.name}"], + "uid": ["/home/%U", f"/home/{user.uid}"], + "fqn": ["/home/%f", f"/home/{user.name}@{client.sssd.default_domain}"], + "domain": ["/home/%d/%u", f"/home/{client.sssd.default_domain}/{user.name}"], + "first_letter": ["/home/%l", f"/home/{str(user.name)[0]}"], + "principal": ["/home/%P", f"/home/{user.name}@{provider.domain.upper()}"], + "original": ["%o", f"{user.home}"], + "lower": ["%h", f"{user.home}"], + "substring": ["%H/%u", f"/home/homedir/{user.name}"], + "literal%": ["/home/%%/%u", f"/home/%/{user.name}"], + } + + # Uses homedir_substring as part of the sequence + for k, v in _sequence.items(): + if k == sequence: + if k == "principal" and (isinstance(provider, AD) or isinstance(provider, LDAP)): + pytest.skip("Skipping provider, userPrincipal attribute is not set!") + else: + client.sssd.domain["homedir_substring"] = "/home/homedir" + client.sssd.domain["override_homedir"] = v[0] + client.sssd.restart() + + with client.ssh("user1", "Secret123") as ssh: + result = ssh.run("pwd").stdout + assert result is not None, "Getting path failed!" + assert result == v[1], f"Current path {result} is not {v[1]}!" @pytest.mark.topology(KnownTopologyGroup.AnyProvider)
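Review bot: The `lower` entry can no longer detect a broken `%h` expansion: the user is created with the all-lowercase home `/home/user1` and the expected value is `f"{user.home}"`, the same as the `original` (`%o`) entry, whereas the removed loop expected `user.home.lower()`. Giving that case a mixed-case home and expecting `user.home.lower()` would restore the check, provided every provider in the topology group accepts such a path. Separately, the `for k, v in _sequence.items(): if k == sequence:` lookup runs no assertion at all if a parametrize id ever has no matching key, so the test would pass vacuously; `config, expected = _sequence[sequence]` fails loudly instead. The `principal` skip could also be decided before the `/home` backup, user creation and SSSD start, and `isinstance(provider, (AD, LDAP))` is the shorter form.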