diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2afb77458a8..f23899cb04b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -135,124 +135,6 @@ jobs: path: | ./sssd/ci-build-debug/*.valgrind.log - multihost: - needs: [prepare, build] - strategy: - fail-fast: false - matrix: - tag: ${{ fromJson(needs.prepare.outputs.matrix).multihost }} - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Checkout sssd repository - uses: actions/checkout@v4 - with: - path: sssd - - - name: Setup containers - uses: SSSD/sssd-ci-containers/actions/setup@master - with: - path: sssd-ci-containers - tag: ${{ matrix.tag }} - limit: dns client - override: | - services: - client: - image: ${REGISTRY}/ci-client-devel:${TAG} - shm_size: 4G - tmpfs: - - /dev/shm - volumes: - - ../sssd:/sssd:rw - - - name: Build SSSD on the client - uses: SSSD/sssd-ci-containers/actions/exec@master - with: - log-file: multihost-build.log - working-directory: /sssd - script: | - #!/bin/bash - set -ex - - ./contrib/ci/run --deps-only - autoreconf -if - - mkdir -p /dev/shm/sssd - pushd /dev/shm/sssd - /sssd/configure --enable-silent-rules - make rpms - - - name: Install SSSD on the client - uses: SSSD/sssd-ci-containers/actions/exec@master - with: - log-file: multihost-install.log - user: root - script: | - #!/bin/bash - set -ex - - dnf remove -y --noautoremove sssd\* - dnf install -y /dev/shm/sssd/rpmbuild/RPMS/*/*.rpm - rm -fr /dev/shm/sssd - test -x /usr/bin/sss_ssh_knownhosts && \ - sed -e 's/GlobalKnownHostsFile/#GlobalKnownHostsFile/' \ - -e 's/ProxyCommand \/usr\/bin\/sss_ssh_knownhostsproxy -p %p %h/KnownHostsCommand \/usr\/bin\/sss_ssh_knownhosts %H/' \ - -i /etc/ssh/ssh_config.d/04-ipa.conf - - - name: Install multihost tests dependencies - shell: bash - run: | - set -ex - - sudo apt-get update - - # Install certutil and dependencies for python-ldap - sudo apt-get install -y libnss3-tools libsasl2-dev python3-dev libldap2-dev libssl-dev - - # Virtualenv - pip3 install virtualenv - python3 -m venv .venv - source .venv/bin/activate - - # Install multihost tests requirements - pip3 install -r ./sssd/src/tests/multihost/requirements.txt - - - name: Create multihost configuration - uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 - with: - path: mhc.yml - write-mode: overwrite - contents: | - root_password: 'Secret123' - domains: - - name: tier0.tests - type: sssd - hosts: - - name: client - external_hostname: client.test - role: master - - - name: Run basic multihost tests - run: | - set -ex -o pipefail - - source .venv/bin/activate - export PYTHONPATH="${PYTHONPATH}:$(realpath ./sssd/src/tests/multihost)" - pytest -s --multihost-config=./mhc.yml ./sssd/src/tests/multihost/basic |& tee multihost-pytest.log - - - name: Upload artifacts - if: always() - uses: actions/upload-artifact@v4 - with: - if-no-files-found: ignore - name: ${{ matrix.tag }}-multihost - path: | - sssd/ci-install-deps.log - multihost-build.log - multihost-install.log - multihost-pytest.log - system: needs: [prepare, build] strategy: @@ -436,12 +318,11 @@ jobs: name: All tests are successful if: ${{ always() }} runs-on: ubuntu-latest - needs: [build, intgcheck, multihost, system] + needs: [build, intgcheck, system] steps: - name: Fail on failure if: | needs.build.result != 'success' || needs.intgcheck.result != 'success' - || needs.multihost.result != 'success' || needs.system.result != 'success' run: exit 1 diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py deleted file mode 100644 index beedb3affa4..00000000000 --- a/src/tests/multihost/basic/conftest.py +++ /dev/null @@ -1,480 +0,0 @@ -from sssd.testlib.common.libkrb5 import krb5srv -from sssd.testlib.common.utils import sssdTools, PkiTools -from sssd.testlib.common.utils import LdapOperations -from sssd.testlib.common.libdirsrv import DirSrvWrap -from sssd.testlib.common.exceptions import PkiLibException -from sssd.testlib.common.exceptions import LdapException -from sssd.testlib.common.exceptions import SSSDException -from sssd.testlib.common.paths import SSSD_DEFAULT_CONF - -import pytest -try: - import ConfigParser -except ImportError: - import configparser as ConfigParser -import os -import tempfile -import ldap - - -pytest_plugins = ( - 'sssd.testlib.common.fixtures', - 'pytest_importance', - 'pytest_ticket', - 'sssd.testlib.common.custom_log', -) - - -def pytest_configure(): - pytest.num_masters = 1 - pytest.num_ad = 0 - pytest.num_atomic = 0 - pytest.num_replicas = 0 - pytest.num_clients = 0 - pytest.num_others = 0 - - -@pytest.fixture(scope="class") -def multihost(session_multihost): - """ multihost fixture """ - return session_multihost - - -@pytest.fixture(scope="session") -def package_install(session_multihost): - """ Install required packages """ - distro = session_multihost.master[0].distro - pkg_list = 'acl authselect nss-tools 389-ds-base krb5-server '\ - 'openldap-clients krb5-workstation '\ - 'sssd sssd-dbus sssd-kcm ' \ - 'expect ldb-tools sssd-tools' - cmd = 'yum install -y %s' % (pkg_list) - if '8.' in distro: - enableidm = 'yum -y module enable idm:DL1' - session_multihost.master[0].run_command(enableidm) - session_multihost.master[0].run_command(cmd) - - -@pytest.fixture(scope="session") -def run_authselect(session_multihost): - """ Run authconfig to configure Kerberos and SSSD auth on remote host """ - authselect_cmd = 'authselect select sssd with-mkhomedir --force' - session_multihost.master[0].run_command(authselect_cmd) - - -@pytest.fixture(scope="session") -def nssdir(session_multihost): - """ Setup Self signed CA """ - server_list = [session_multihost.master[0].sys_hostname] - pki_inst = PkiTools() - try: - certdb = pki_inst.createselfsignedcerts(server_list) - except PkiLibException as err: - return (err.msg, err.rval) - else: - return certdb - - -@pytest.fixture(scope="session") -def setup_ldap(session_multihost, nssdir, request): - """ Setup Directory Server """ - ds_obj = DirSrvWrap(session_multihost.master[0], ssl=True, ssldb=nssdir) - ds_obj.create_ds_instance('example1', 'dc=example,dc=test') - - def remove_ldap(): - """ Remove ldap server instance """ - ds_obj.remove_ds_instance('example1') - request.addfinalizer(remove_ldap) - - -@pytest.fixture(scope="session") -def setup_kerberos(session_multihost, request): - """ Setup kerberos """ - tools = sssdTools(session_multihost.master[0]) - tools.config_etckrb5('EXAMPLE.TEST') - krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST') - krb.krb_setup_new() - - def remove_kerberos(): - """ Remove kerberos instance """ - krb.destroy_krb5server() - remove_keytab = 'rm -f /etc/krb5.keytab' - session_multihost.master[0].run_command(remove_keytab) - request.addfinalizer(remove_kerberos) - - -@pytest.fixture(scope='class', autouse=True) -def setup_sssd(session_multihost, request): - """ Configure sssd.conf """ - domain_section = 'domain/EXAMPLE.TEST' - ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) - krb5_server = session_multihost.master[0].sys_hostname - cacert_loc = '/etc/openldap/cacerts/cacert.pem' - sssdConfig = ConfigParser.ConfigParser() - sssdConfig.optionxform = str - sssdConfig.add_section('sssd') - sssdConfig.set('sssd', 'domains', 'EXAMPLE.TEST') - sssdConfig.set('sssd', 'services', 'nss, pam, sudo, ifp') - sssdConfig.add_section(domain_section) - sssdConfig.set(domain_section, 'enumerate', 'false') - sssdConfig.set(domain_section, 'id_provider', 'ldap') - sssdConfig.set(domain_section, 'ldap_uri', ldap_uri) - sssdConfig.set(domain_section, 'ldap_search_base', 'dc=example,dc=test') - sssdConfig.set(domain_section, 'ldap_tls_cacert', cacert_loc) - sssdConfig.set(domain_section, 'auth_provider', 'krb5') - sssdConfig.set(domain_section, 'krb5_server', krb5_server) - sssdConfig.set(domain_section, 'krb5_kpasswd', krb5_server) - sssdConfig.set(domain_section, 'krb5_realm', 'EXAMPLE.TEST') - sssdConfig.set(domain_section, 'debug_level', '9') - sssdConfig.set(domain_section, 'ldap_sudo_random_offset', '0') - sssdConfig.add_section('nss') - sssdConfig.set('nss', 'debug_level', '9') - sssdConfig.add_section('pam') - sssdConfig.set('pam', 'debug_level', '9') - sssdConfig.add_section('kcm') - sssdConfig.set('kcm', 'debug_level', '9') - temp_fd, temp_file_path = tempfile.mkstemp(suffix='conf', prefix='sssd') - with open(temp_file_path, "w") as outfile: - sssdConfig.write(outfile) - session_multihost.master[0].transport.put_file(temp_file_path, - SSSD_DEFAULT_CONF) - sssdTools(session_multihost.master[0]).fix_sssd_conf_perms() - os.close(temp_fd) - try: - session_multihost.master[0].service_sssd('restart') - except SSSDException: - journalctl_cmd = "journalctl -x -n 50 --no-pager" - session_multihost.master[0].run_command(journalctl_cmd) - assert False - - def stop_sssd(): - """ Stop sssd service """ - session_multihost.master[0].service_sssd('stop') - sssd_cache = ['cache_%s.ldb' % ('EXAMPLE.TEST'), 'config.ldb', - 'sssd.ldb', 'timestamps_%s.ldb' % ('EXAMPLE.TEST')] - for cache_file in sssd_cache: - db_file = '/var/lib/sss/db/%s' % (cache_file) - session_multihost.master[0].run_command(['rm', '-f', db_file]) - secrets_db = '/var/lib/sss/secrets/secrets.ldb' - session_multihost.master[0].run_command(['rm', '-f', secrets_db]) - request.addfinalizer(stop_sssd) - - -@pytest.fixture -def enable_kcm(session_multihost, request): - """ Enable sssd kcm """ - backup_krb5_conf = 'cp /etc/krb5.conf /etc/krb5.conf.nokcm' - session_multihost.master[0].run_command(backup_krb5_conf) - session_multihost.master[0].service_sssd('stop') - tools = sssdTools(session_multihost.master[0]) - tools.enable_kcm() - start_kcm = 'systemctl start sssd-kcm' - session_multihost.master[0].service_sssd('start') - session_multihost.master[0].run_command(start_kcm) - - def disable_kcm(): - """ Disable sssd kcm """ - restore_krb5_conf = 'cp /etc/krb5.conf.nokcm /etc/krb5.conf' - session_multihost.master[0].run_command(restore_krb5_conf) - stop_kcm = 'systemctl stop sssd-kcm' - session_multihost.master[0].run_command(stop_kcm) - request.addfinalizer(disable_kcm) - - -@pytest.fixture(scope='session') -def enable_oddjob(session_multihost, request): - """Enables and starts oddjob service""" - check_enabled = session_multihost.master[0].run_command( - 'systemctl is-enabled oddjobd.service', raiseonerr=False) - enabled = "enabled" in check_enabled.stdout_text - check_active = session_multihost.master[0].run_command( - 'systemctl is-active oddjobd.service', raiseonerr=False) - active = "inactive" not in check_active.stdout_text - if not enabled: - session_multihost.master[0].run_command( - 'systemctl enable oddjobd.service', raiseonerr=False) - if not active: - session_multihost.master[0].run_command( - 'systemctl start oddjobd.service', raiseonerr=False) - - def revert_odjob(): - """Reverts changes to oddjob service.""" - if not enabled: - session_multihost.master[0].run_command( - 'systemctl disable oddjobd.service', raiseonerr=False) - if not active: - session_multihost.master[0].run_command( - 'systemctl stop oddjobd.service', raiseonerr=False) - - request.addfinalizer(revert_odjob) - - -@pytest.fixture -def create_casesensitive_posix_user(session_multihost): - """ Create a case sensitive posix user """ - ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) - krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST') - ds_rootdn = 'cn=Directory Manager' - ds_rootpw = 'Secret123' - ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) - username = 'CAPSUSER-1' - user_info = {'cn': username, - 'uid': username, - 'uidNumber': '24583100', - 'gidNumber': '14564100'} - ldap_inst.posix_user("ou=People", "dc=example,dc=test", user_info) - krb.add_principal('CAPSUSER-1', 'user', 'Secret123') - - -@pytest.fixture -def set_case_sensitive_false(session_multihost, request): - """ Set case_sensitive to false in sssd domain section """ - tools = sssdTools(session_multihost.master[0]) - tools.backup_sssd_conf() - session_multihost.master[0].transport.get_file(SSSD_DEFAULT_CONF, - '/tmp/sssd.conf') - sssdconfig = ConfigParser.ConfigParser() - sssdconfig.read('/tmp/sssd.conf') - domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST') - if domain_section in sssdconfig.sections(): - sssdconfig.set(domain_section, 'case_sensitive', 'false') - with open('/tmp/sssd.conf', "w") as sssconf: - sssdconfig.write(sssconf) - session_multihost.master[0].transport.put_file('/tmp/sssd.conf', - SSSD_DEFAULT_CONF) - tools.fix_sssd_conf_perms() - session_multihost.master[0].service_sssd('restart') - - def restore_sssd(): - """ Restore sssd.conf """ - tools.restore_sssd_conf() - request.addfinalizer(restore_sssd) - - -@pytest.fixture -def set_entry_cache_sudo_timeout(session_multihost, request): - """ Set entry cache sudo timeout in sssd.conf """ - tools = sssdTools(session_multihost.master[0]) - tools.backup_sssd_conf() - session_multihost.master[0].transport.get_file(SSSD_DEFAULT_CONF, - '/tmp/sssd.conf') - sssdconfig = ConfigParser.ConfigParser() - sssdconfig.read('/tmp/sssd.conf') - domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST') - if domain_section in sssdconfig.sections(): - sssdconfig.set(domain_section, 'entry_cache_sudo_timeout', '30') - with open('/tmp/sssd.conf', "w") as sssconf: - sssdconfig.write(sssconf) - session_multihost.master[0].transport.put_file('/tmp/sssd.conf', - SSSD_DEFAULT_CONF) - tools.fix_sssd_conf_perms() - - session_multihost.master[0].service_sssd('restart') - - def restore_sssd(): - """ Restore sssd.conf """ - tools.restore_sssd_conf() - request.addfinalizer(restore_sssd) - - -@pytest.fixture -def generic_sudorule(session_multihost, request): - """ Create a generic sudo rule """ - ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) - ds_rootdn = 'cn=Directory Manager' - ds_rootpw = 'Secret123' - ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) - ldap_inst.org_unit('sudoers', 'dc=example,dc=test') - sudo_ou = 'ou=sudoers,dc=example,dc=test' - rule_dn1 = "%s,%s" % ('cn=lessrule', sudo_ou) - sudo_options = ["!requiretty", "!authenticate"] - try: - ldap_inst.add_sudo_rule(rule_dn1, 'ALL', - '/usr/bin/less', 'foo1', - sudo_options) - except LdapException: - pytest.fail("Failed to add sudo rule %s" % rule_dn1) - - def del_sudo_rule(): - """ Delete sudo rule """ - (ret, _) = ldap_inst.del_dn(rule_dn1) - assert ret == 'Success' - (ret, _) = ldap_inst.del_dn(sudo_ou) - assert ret == 'Success' - request.addfinalizer(del_sudo_rule) - - -@pytest.fixture -def enable_files_domain(session_multihost): - """ - Enable the implicit files domain - """ - session_multihost.master[0].transport.get_file(SSSD_DEFAULT_CONF, - '/tmp/sssd.conf') - sssdconfig = ConfigParser.RawConfigParser(delimiters=('=')) - sssdconfig.read('/tmp/sssd.conf') - sssd_section = 'sssd' - if sssd_section in sssdconfig.sections(): - sssdconfig.set(sssd_section, 'enable_files_domain', 'true') - with open('/tmp/sssd.conf', "w") as sssconf: - sssdconfig.write(sssconf) - session_multihost.master[0].transport.put_file('/tmp/sssd.conf', - SSSD_DEFAULT_CONF) - sssdTools(session_multihost.master[0]).fix_sssd_conf_perms() - session_multihost.master[0].service_sssd('restart') - - -@pytest.fixture(scope="class") -def files_domain_users_class(request, session_multihost): - users = ('lcl1', 'lcl2', 'lcl3') - for user in users: - useradd_cmd = "useradd %s" % (user) - session_multihost.master[0].run_command(useradd_cmd) - - no_home_users = ('no_home_user', ) - for user in no_home_users: - useradd_cmd = "useradd --no-create-home %s" % (user) - session_multihost.master[0].run_command(useradd_cmd) - usermod_cmd = "usermod -d /tmp %s" % (user) - session_multihost.master[0].run_command(usermod_cmd) - - def teardown_files_domain_users(): - for user in users + no_home_users: - userdel_cmd = "userdel %s" % (user) - session_multihost.master[0].run_command(userdel_cmd) - request.addfinalizer(teardown_files_domain_users) - - -@pytest.fixture -def case_sensitive_sudorule(session_multihost, - create_casesensitive_posix_user, - request): - """ Create posix user and groups """ - ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) - ds_rootdn = 'cn=Directory Manager' - ds_rootpw = 'Secret123' - ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) - ldap_inst.org_unit('sudoers', 'dc=example,dc=test') - sudo_ou = 'ou=sudoers,dc=example,dc=test' - rule_dn1 = "%s,%s" % ('cn=lessrule', sudo_ou) - rule_dn2 = "%s,%s" % ('cn=morerule', sudo_ou) - sudo_options = ["!requiretty", "!authenticate"] - try: - ldap_inst.add_sudo_rule(rule_dn1, 'ALL', - '/usr/bin/less', 'capsuser-1', - sudo_options) - except LdapException: - pytest.fail("Failed to add sudo rule %s" % rule_dn1) - try: - ldap_inst.add_sudo_rule(rule_dn2, 'ALL', - '/usr/bin/more', 'CAPSUSER-1', - sudo_options) - except LdapException: - pytest.fail("Failed to add sudo rule %s" % rule_dn2) - - def del_sensitive_sudo_rule(): - """ Delete sudo rule """ - (ret, _) = ldap_inst.del_dn(rule_dn1) - assert ret == 'Success' - (ret, _) = ldap_inst.del_dn(rule_dn2) - assert ret == 'Success' - (ret, _) = ldap_inst.del_dn(sudo_ou) - assert ret == 'Success' - request.addfinalizer(del_sensitive_sudo_rule) - - -@pytest.fixture -def enable_sss_sudo_nsswitch(session_multihost, tmpdir, request): - """Enable sss backend for sudoers in nsswitch.conf """ - conf = '/etc/nsswitch.conf' - local_conf = tmpdir.mkdir("tmpdir").join('nsswitch.conf') - backup_cmd = "cp -f /etc/nsswitch.conf /etc/nsswitch.conf.backup" - session_multihost.master[0].run_command(backup_cmd) - content = '\nsudoers: sss\n' - session_multihost.master[0].transport.get_file(conf, str(local_conf)) - - local_conf.write(content, mode='a') - session_multihost.master[0].transport.put_file(str(local_conf), - '/etc/nsswitch.conf') - - def restore_nsswitch(): - """ Restore nsswitch.conf """ - restore_cmd = 'cp -f /etc/nsswitch.conf.backup /etc/nsswitch.conf' - session_multihost.master[0].run_command(restore_cmd) - request.addfinalizer(restore_nsswitch) - - -@pytest.fixture(scope='session') -def create_posix_usersgroups(session_multihost): - """ Create posix user and groups """ - ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname) - ds_rootdn = 'cn=Directory Manager' - ds_rootpw = 'Secret123' - ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) - krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST') - for i in range(10): - user_info = {'cn': 'foo%d' % i, - 'uid': 'foo%d' % i, - 'uidNumber': '1458310%d' % i, - 'gidNumber': '14564100', - 'userPassword': 'Secret123'} - if ldap_inst.posix_user("ou=People", "dc=example,dc=test", user_info): - krb.add_principal('foo%d' % i, 'user', 'Secret123') - else: - print("Unable to add ldap User %s" % (user_info)) - assert False - memberdn = 'uid=%s,ou=People,dc=example,dc=test' % ('foo0') - group_info = {'cn': 'ldapusers', - 'gidNumber': '14564100', - 'uniqueMember': memberdn} - try: - ldap_inst.posix_group("ou=Groups", "dc=example,dc=test", group_info) - except LdapException: - assert False - group_dn = 'cn=ldapusers,ou=Groups,dc=example,dc=test' - for i in range(1, 10): - user_dn = 'uid=foo%d,ou=People,dc=example,dc=test' % i - add_member = [(ldap.MOD_ADD, 'uniqueMember', user_dn.encode('utf-8'))] - (ret, _) = ldap_inst.modify_ldap(group_dn, add_member) - assert ret == 'Success' - - -@pytest.fixture(scope='session') -def create_many_user_principals(session_multihost): - krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST') - for i in range(1, 65): - username = "user%04d" % i - krb.add_principal(username, 'user', 'Secret123') - - -@pytest.fixture(scope="session", autouse=True) -def setup_session(request, session_multihost, - package_install, - run_authselect, - setup_ldap, - setup_kerberos, - create_posix_usersgroups, - enable_oddjob, - create_testdir): - """ Run all session scoped fixtures """ - tp = TestPrep(session_multihost) - tp.setup() - - def teardown_session(): - """ Run teardown session scoped fixtures """ - tp.teardown() - request.addfinalizer(teardown_session) - - -class TestPrep(object): - """ Initialize Session """ - def __init__(self, multihost): - self.multihost = multihost - - def setup(self): - """ Start session """ - print("\n............Session Setup...............") - - def teardown(self): - """ End session """ - print("\n............Session Ends.................") diff --git a/src/tests/multihost/basic/mhc.yaml b/src/tests/multihost/basic/mhc.yaml deleted file mode 100644 index 24d505481a6..00000000000 --- a/src/tests/multihost/basic/mhc.yaml +++ /dev/null @@ -1,8 +0,0 @@ -root_password: 'vagrant' -domains: -- name: tier0.tests - type: sssd - hosts: - - name: client - external_hostname: client.test - role: master diff --git a/src/tests/multihost/basic/pytest.ini b/src/tests/multihost/basic/pytest.ini deleted file mode 100644 index d65ce07a35b..00000000000 --- a/src/tests/multihost/basic/pytest.ini +++ /dev/null @@ -1,3 +0,0 @@ -[pytest] -markers = - converted: Tests that are already converted to the new framework. diff --git a/src/tests/multihost/basic/test_ifp.py b/src/tests/multihost/basic/test_ifp.py deleted file mode 100644 index a8cf24b9f6c..00000000000 --- a/src/tests/multihost/basic/test_ifp.py +++ /dev/null @@ -1,37 +0,0 @@ -"""InfoPipe test cases - -:requirement: IDM-SSSD-REQ : Configuration and Service Management -:casecomponent: sssd -:subsystemteam: sst_idm_sssd -:upstream: yes -:status: approved -""" -import pytest - - -class TestInfoPipe(object): - """ - Test the InfoPipe responder - """ - def test_ifp_extra_attributes_property(self, multihost): - """ - :title: ifp: requesting the extraAttributes property works - :id: 23b8c7e8-df4b-47ef-b38e-0503040e1d67 - see e.g. https://github.com/SSSD/sssd/issues/4891 - """ - # Note that this test needs dbus-tools package that - # is not implicitly installed here. - check_ifp = "libsss_simpleifp" in multihost.master[0].run_command("rpm -qa").stdout_text - if not check_ifp: - pytest.skip("libsss_simpleifp is not present, skipping test.") - dbus_send_cmd = \ - """ - dbus-send --print-reply --system \ - --dest=org.freedesktop.sssd.infopipe \ - /org/freedesktop/sssd/infopipe/Users/LDAP_2eTEST/123 \ - org.freedesktop.DBus.Properties.Get \ - string:"org.freedesktop.sssd.infopipe.Users.User" \ - string:"extraAttributes" - """ - cmd = multihost.master[0].run_command(dbus_send_cmd) - assert cmd.returncode == 0 diff --git a/src/tests/multihost/basic/test_kcm.py b/src/tests/multihost/basic/test_kcm.py deleted file mode 100644 index bf4cf65b605..00000000000 --- a/src/tests/multihost/basic/test_kcm.py +++ /dev/null @@ -1,54 +0,0 @@ -""" KCM Responder Sanity Test Cases - -:requirement: IDM-SSSD-REQ :: SSSD KCM as default Kerberos CCACHE provider -:casecomponent: sssd -:subsystemteam: sst_idm_sssd -:upstream: yes -:status: approved -""" -import os -import re - -import pytest -from pexpect import pxssh -from utils_config import set_param - -from sssd.testlib.common.utils import sssdTools - - -class TestSanityKCM(object): - """ KCM Sanity Test cases """ - - @staticmethod - @pytest.mark.usefixtures("enable_kcm") - def test_ssh_forward_creds(multihost): - """ - :title: kcm: Test that SSH can forward credentials with KCM - :id: f4b0c785-a895-48a1-a55e-7519cf221393 - :ticket: https://github.com/SSSD/sssd/issues/4863 - """ - ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}) - ssh.force_password = True - try: - ssh.login(multihost.master[0].sys_hostname, 'foo3', 'Secret123') - ssh.sendline('kdestroy -A -q') - ssh.prompt(timeout=5) - ssh.sendline('kinit foo9') - ssh.expect('Password for .*:', timeout=10) - ssh.sendline('Secret123') - ssh.prompt(timeout=5) - ssh.sendline('klist') - ssh.prompt(timeout=5) - klist = str(ssh.before) - ssh.sendline(f'ssh -v -o StrictHostKeyChecking=no -K -l foo9 ' - f'{multihost.master[0].sys_hostname} klist') - ssh.prompt(timeout=30) - ssh_output = str(ssh.before) - ssh.logout() - except pxssh.ExceptionPxssh as ex: - pytest.fail(ex) - # Note: The cache is based on uid so for foo3 it is 14583103 and - # for foo9 it is 14583109 (see create_posix_usersgroups fixture) - assert 'KCM:14583103' in klist, "kinit did not work!" - assert 'KCM:14583109' in ssh_output, "Ticket not forwarded!" diff --git a/src/tests/multihost/basic/test_ldapapi.py b/src/tests/multihost/basic/test_ldapapi.py deleted file mode 100644 index fe58830f23a..00000000000 --- a/src/tests/multihost/basic/test_ldapapi.py +++ /dev/null @@ -1,57 +0,0 @@ -""" SSSD LDAP provider tests - -:requirement: IDM-SSSD-REQ : LDAP Provider -:casecomponent: sssd -:subsystemteam: sst_idm_sssd -:upstream: yes -:status: approved -""" - -import pytest -from sssd.testlib.common.utils import sssdTools - - -@pytest.fixture -def set_ldap_uri(multihost): - ldap_uri = 'ldapi://%2Frun%2Fslapd-example1.socket' - tools = sssdTools(multihost.master[0]) - domain_name = tools.get_domain_section_name() - master = sssdTools(multihost.master[0]) - domain_params = {'ldap_uri': ldap_uri, - 'ldap_id_use_start_tls': 'false'} - master.sssd_conf(f'domain/{domain_name}', domain_params) - multihost.master[0].service_sssd('restart') - - -@pytest.mark.usefixtures("set_ldap_uri") -class TestLdapApi(object): - """ Basic Ldap Uri Test cases """ - @staticmethod - def test_ssh_user_login(multihost): - """ - :title: Add support for ldapi:// URLs - :bugzilla:https://bugzilla.redhat.com/show_bug.cgi?id=2152177 - :id: 4f4a01a6-da6d-11ed-9c8d-845cf3eff344 - :steps: - 1. Check user can be fetched from master server - 2. Check sssctl command works - 3. Check getent command works - 4. Check user can login to localhost - :expectedresults: - 1. User id should be fetched - 2. Should succeed - 3. Should succeed - 4. User should able to login to localhost - """ - std_out = multihost.master[0].run_command("id foo1").stdout_text - for data in ['foo1', 'ldapusers']: - assert data in std_out - std_out = multihost.master[0].run_command("sssctl user-checks foo1").stdout_text - for data in ["uidNumber", 'foo1', '/bin/bash']: - assert data in std_out - std_out = multihost.master[0].run_command("getent passwd foo1").stdout_text - for data in ['foo1', '/bin/bash']: - assert data in std_out - client = sssdTools(multihost.master[0]) - ssh0 = client.auth_from_client("foo1", 'Secret123') == 3 - assert ssh0, "Authentication Failed as user foo1" diff --git a/src/tests/multihost/basic/utils_config.py b/src/tests/multihost/basic/utils_config.py deleted file mode 100644 index 11b718e1380..00000000000 --- a/src/tests/multihost/basic/utils_config.py +++ /dev/null @@ -1,32 +0,0 @@ -""" Various utilities for manipulating SSSD configuration """ -import configparser as ConfigParser - - -def set_param(multihost, section, key, value): - multihost.master[0].transport.get_file('/etc/sssd/sssd.conf', - '/tmp/sssd.conf') - sssdconfig = ConfigParser.ConfigParser() - sssdconfig.read('/tmp/sssd.conf') - if section not in sssdconfig.sections(): - sssdconfig.add_section(section) - - sssdconfig.set(section, key, value) - with open(str('/tmp/sssd.conf'), "w") as sssconf: - sssdconfig.write(sssconf) - - multihost.master[0].transport.put_file('/tmp/sssd.conf', - '/etc/sssd/sssd.conf') - - -def remove_section(multihost, section): - multihost.master[0].transport.get_file('/etc/sssd/sssd.conf', - '/tmp/sssd.conf') - sssdconfig = ConfigParser.ConfigParser() - sssdconfig.read('/tmp/sssd.conf') - sssdconfig.remove_section(section) - - with open(str('/tmp/sssd.conf'), "w") as sssconf: - sssdconfig.write(sssconf) - - multihost.master[0].transport.put_file('/tmp/sssd.conf', - '/etc/sssd/sssd.conf')