Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TESTS: don't use deprecated sssd.conf::user option #7266

Closed
wants to merge 1 commit into from
Closed

TESTS: don't use deprecated sssd.conf::user option #7266

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 3 additions & 21 deletions src/tests/system/tests/test_authentication.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,7 @@

@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("method", ["su", "ssh"])
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_authentication__login(client: Client, provider: GenericProvider, method: str, sssd_service_user: str):
def test_authentication__login(client: Client, provider: GenericProvider, method: str):
"""
:title: ssh/su login
:setup:
Expand All @@ -37,7 +32,6 @@ def test_authentication__login(client: Client, provider: GenericProvider, method
"""
provider.user("user1").add(password="Secret123")

client.sssd.set_service_user(sssd_service_user)
client.sssd.start()

assert client.auth.parametrize(method).password("user1", "Secret123"), "login with correct password failed"
Expand All @@ -46,12 +40,7 @@ def test_authentication__login(client: Client, provider: GenericProvider, method

@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("method", ["su", "ssh"])
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_authentication__offline_login(client: Client, provider: GenericProvider, method: str, sssd_service_user: str):
def test_authentication__offline_login(client: Client, provider: GenericProvider, method: str):
"""
:title: Offline ssh/su login
:setup:
Expand Down Expand Up @@ -80,7 +69,6 @@ def test_authentication__offline_login(client: Client, provider: GenericProvider
wrong = "Wrong123"
provider.user(user).add(password=correct)

client.sssd.set_service_user(sssd_service_user)
client.sssd.domain["cache_credentials"] = "True"
client.sssd.domain["krb5_store_password_if_offline"] = "True"
client.sssd.pam["offline_credentials_expiration"] = "0"
Expand All @@ -103,12 +91,7 @@ def test_authentication__offline_login(client: Client, provider: GenericProvider
@pytest.mark.topology(KnownTopology.AD)
@pytest.mark.ticket(gh=7174)
@pytest.mark.parametrize("method", ["su", "ssh"])
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_authentication__login_using_email_address(client: Client, ad: AD, method: str, sssd_service_user: str):
def test_authentication__login_using_email_address(client: Client, ad: AD, method: str):
"""
:title: Login using user's email address
:description:
Expand All @@ -128,7 +111,6 @@ def test_authentication__login_using_email_address(client: Client, ad: AD, metho
ad.user("user-2").add(password="Secret123", email="[email protected]")
ad.user("user-3").add(password="Secret123", email="[email protected]")

client.sssd.set_service_user(sssd_service_user)
client.sssd.start()

assert client.auth.parametrize(method).password(
Expand Down
10 changes: 1 addition & 9 deletions src/tests/system/tests/test_autofs.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,7 @@
@pytest.mark.ticket(gh=6739)
@pytest.mark.parametrize("cache_first", [False, True])
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_autofs__cache_first(
client: Client, nfs: NFS, provider: GenericProvider, cache_first: bool, sssd_service_user: str
):
def test_autofs__cache_first(client: Client, nfs: NFS, provider: GenericProvider, cache_first: bool):
"""
:title: Autofs works correctly with any cache_first value
:setup:
Expand Down Expand Up @@ -52,7 +45,6 @@ def test_autofs__cache_first(
key = auto_export.key("export").add(info=nfs_export)

# Start SSSD
client.sssd.set_service_user(sssd_service_user)
client.sssd.common.autofs()
client.sssd.autofs["cache_first"] = str(cache_first)
client.sssd.start()
Expand Down
26 changes: 3 additions & 23 deletions src/tests/system/tests/test_identity.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,7 @@

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_identity__lookup_username_with_id(client: Client, provider: GenericProvider, sssd_service_user: str):
def test_identity__lookup_username_with_id(client: Client, provider: GenericProvider):
"""
:title: Resolve user by name with id
:setup:
Expand All @@ -40,7 +35,6 @@ def test_identity__lookup_username_with_id(client: Client, provider: GenericProv
for user, id in ids:
provider.user(user).add(uid=id, gid=id + 500)

client.sssd.set_service_user(sssd_service_user)
client.sssd.domain["ldap_id_mapping"] = "false"
client.sssd.start()

Expand All @@ -53,12 +47,7 @@ def test_identity__lookup_username_with_id(client: Client, provider: GenericProv

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_identity__lookup_uid_with_id(client: Client, provider: GenericProvider, sssd_service_user: str):
def test_identity__lookup_uid_with_id(client: Client, provider: GenericProvider):
"""
:title: Resolve user by uid with id
:setup:
Expand All @@ -79,7 +68,6 @@ def test_identity__lookup_uid_with_id(client: Client, provider: GenericProvider,
for user, id in ids:
provider.user(user).add(uid=id, gid=id + 500)

client.sssd.set_service_user(sssd_service_user)
client.sssd.domain["ldap_id_mapping"] = "false"
client.sssd.start()

Expand Down Expand Up @@ -240,14 +228,7 @@ def test_identity__lookup_user_by_group_with_getent(client: Client, provider: Ge

@pytest.mark.importance("critical")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_identity__lookup_group_membership_by_username_with_id(
client: Client, provider: GenericProvider, sssd_service_user: str
):
def test_identity__lookup_group_membership_by_username_with_id(client: Client, provider: GenericProvider):
"""
:title: Check membership of user by group name with id
:setup:
Expand All @@ -270,7 +251,6 @@ def test_identity__lookup_group_membership_by_username_with_id(

provider.group("group1").add().add_members([u1, u2, u3])

client.sssd.set_service_user(sssd_service_user)
client.sssd.start()

for name, groups in users:
Expand Down
8 changes: 1 addition & 7 deletions src/tests/system/tests/test_ldap.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,7 @@
@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"])
@pytest.mark.parametrize("use_ppolicy", ["true", "false"])
@pytest.mark.topology(KnownTopology.LDAP)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str, sssd_service_user: str):
def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use_ppolicy: str):
"""
:title: Change password with "ldap_pwmodify_mode" set to @modify_mode
:setup:
Expand All @@ -50,7 +45,6 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str, use
ldap.user(user).add(password=old_pass)
ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)')

client.sssd.set_service_user(sssd_service_user)
client.sssd.domain["ldap_pwmodify_mode"] = modify_mode
client.sssd.domain["ldap_use_ppolicy"] = use_ppolicy
client.sssd.start()
Expand Down
24 changes: 3 additions & 21 deletions src/tests/system/tests/test_sudo.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,7 @@
@pytest.mark.importance("critical")
@pytest.mark.authorization
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_sudo__user_allowed(client: Client, provider: GenericProvider, sssd_service_user: str):
def test_sudo__user_allowed(client: Client, provider: GenericProvider):
"""
:title: One user is allowed to run command, other user is not
:setup:
Expand All @@ -52,7 +47,6 @@ def test_sudo__user_allowed(client: Client, provider: GenericProvider, sssd_serv
provider.user("user-2").add()
provider.sudorule("test").add(user=u, host="ALL", command="/bin/ls")

client.sssd.set_service_user(sssd_service_user)
client.sssd.common.sudo()
client.sssd.start()

Expand Down Expand Up @@ -161,12 +155,7 @@ def test_sudo__case_sensitive_false(client: Client, provider: GenericProvider):
@pytest.mark.importance("critical")
@pytest.mark.authorization
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_sudo__rules_refresh(client: Client, provider: GenericProvider, sssd_service_user: str):
def test_sudo__rules_refresh(client: Client, provider: GenericProvider):
"""
:title: Sudo rules refresh works
:setup:
Expand All @@ -190,7 +179,6 @@ def test_sudo__rules_refresh(client: Client, provider: GenericProvider, sssd_ser
u = provider.user("user-1").add()
r = provider.sudorule("test").add(user=u, host="ALL", command="/bin/ls")

client.sssd.set_service_user(sssd_service_user)
client.sssd.common.sudo()
client.sssd.domain["entry_cache_sudo_timeout"] = "2"
client.sssd.start()
Expand Down Expand Up @@ -507,12 +495,7 @@ def is_smart_skipped(line: str) -> bool:
@pytest.mark.authorization
@pytest.mark.ticket(bz=1294670, gh=3969)
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
@pytest.mark.require(
lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
"SSSD was built without support for running under non-root",
)
def test_sudo__local_users_negative_cache(client: Client, provider: LDAP, sssd_service_user: str):
def test_sudo__local_users_negative_cache(client: Client, provider: LDAP):
"""
:title: Sudo responder hits negative cache for local users
:setup:
Expand All @@ -539,7 +522,6 @@ def test_sudo__local_users_negative_cache(client: Client, provider: LDAP, sssd_s
client.local.user("user-1").add()
client.fs.write("/etc/sudoers.d/test", "user-1 ALL=(ALL) NOPASSWD:ALL")

client.sssd.set_service_user(sssd_service_user)
client.sssd.common.sudo()
client.sssd.nss.update(
entry_negative_timeout="0", # disable standard negative cache to make sure we hit the local user case
Expand Down
Loading