
cherrypick to sssd-2-9 - tests: housekeeping - schema #7527

Closed
wants to merge 1 commit into from
2 changes: 1 addition & 1 deletion src/tests/system/pytest.ini
@@ -8,7 +8,7 @@ markers =
config:
contains_workaround_for(gh=...,bz=...):
identity:
schema:
integration:
slow:
tools:
ticket_tools = bz,gh,jira
136 changes: 130 additions & 6 deletions src/tests/system/tests/test_cache.py
@@ -17,12 +17,14 @@
import pytest
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.generic import GenericProvider
from sssd_test_framework.topology import KnownTopologyGroup
from sssd_test_framework.roles.ldap import LDAP
from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup


@pytest.mark.importance("critical")
@pytest.mark.integration
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_cache__is_refreshed_as_configured(client: Client, provider: GenericProvider):
def test_cache__entries_are_refreshed_as_configured(client: Client, provider: GenericProvider):
"""
:title: Ensuring LDB cache refreshes at configured intervals
:setup:
@@ -86,8 +88,10 @@ def test_cache__is_refreshed_as_configured(client: Client, provider: GenericProv
assert last_update[s] <= (int(y[1][0])), f"{s} lastUpdate value is greater than expected!"


@pytest.mark.integration
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_cache__search_for_user_in_ldb_databases(client: Client, provider: GenericProvider):
def test_cache__writes_to_both_database_files(client: Client, provider: GenericProvider):
"""
:title: Search for user in the following ldb databases, cache_*.ldb and timestamp_*.ldb
:setup:
@@ -118,8 +122,12 @@ def test_cache__search_for_user_in_ldb_databases(client: Client, provider: Gener
assert ldb2 != {}, f"ldbsearch failed to find user1 in {timestamps}"


@pytest.mark.integration
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_cache__search_for_user_using_fully_qualified_name_in_ldb_databases(client: Client, provider: GenericProvider):
def test_cache__writes_to_both_database_files_when_using_fully_qualified_names(
client: Client, provider: GenericProvider
):
"""
:title: Search for user using fully qualified name in the following ldb databases, cache_*.ldb and timestamp_*.ldb
:setup:
@@ -150,8 +158,10 @@ def test_cache__search_for_user_using_fully_qualified_name_in_ldb_databases(clie
assert ldb2 != {}, f"ldbsearch failed to find user1@test in {timestamps}"


@pytest.mark.integration
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_cache__check_ldb_database_for_latest_user_changes_when_modified_and_deleted(
def test_cache__user_entries_contains_latest_changes_when_modified_and_deleted(
client: Client, provider: GenericProvider
):
"""
@@ -194,3 +204,117 @@ def test_cache__check_ldb_database_for_latest_user_changes_when_modified_and_del
result = client.tools.getent.passwd("user-modify")
assert result is not None, "User not found!"
assert result.shell == "/bin/sh", "User shell did not update!"


@pytest.mark.integration
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_cache__extra_attributes_are_stored(client: Client, provider: GenericProvider):
"""
:title: Extra attributes are cached
:setup:
1. Create user "user1"
2. Edit SSSD configuration and set "ldap_user_extra_attrs =
description:gecos, userID:uidNumber, shell:loginShell, groupID:gidNumber" and
"ldap_id_mapping = false"
3. Start SSSD
:steps:
1. Lookup user
2. Lookup user in cache
:expectedresults:
1. User is found
2. User is found and cache contains correct attributes and values
:customerscenario: True
"""
provider.user("user1").add(gid=111111, uid=100110, gecos="gecos user1", shell="/bin/sh", home="/home/user1")
client.sssd.domain["ldap_user_extra_attrs"] = (
"description:gecos, userID:uidNumber, shell:loginShell, groupID:gidNumber"
)
client.sssd.domain["ldap_id_mapping"] = "false"
client.sssd.start()

result = client.tools.getent.passwd("user1")
assert result is not None, "User not found!"

search = client.ldb.search(
f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb"
)

user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"]
assert user_dict["description"] == ["gecos user1"], "attribute 'description' was not correct"
assert user_dict["shell"] == ["/bin/sh"], "attribute 'shell' was not correct"
assert user_dict["userID"] == ["100110"], "attribute 'userID' was not correct"
assert user_dict["groupID"] == ["111111"], "attribute 'groupID' was not correct"


@pytest.mark.integration
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_cache__extra_attributes_with_empty_values_are_ignored(client: Client, provider: GenericProvider):
"""
:title: When extra attribute of user is added but not assigned, it is neither cached nor displayed
:setup:
1. Create user "user1"
2. Configure SSSD with "ldap_user_extra_attr = number:telephonenumber"
3. Start SSSD
:steps:
1. Lookup user
2. Lookup user in cache
:expectedresults:
1. User is found
2. User is found and does not have the extra numbers attribute
:customerscenario: False
"""
provider.user("user1").add()
client.sssd.domain["ldap_user_extra_attrs"] = "number:telephonenumber"
client.sssd.start()

result = client.tools.getent.passwd("user1")
assert result is not None, "User is not found!"

search = client.ldb.search(
f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb"
)
assert search != {}, "User not found!"

search = client.ldb.search(f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", "number=*")
assert search == {}


@pytest.mark.integration
@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopology.LDAP)
def test_cache__both_ldap_user_email_and_extra_attribute_email_are_stored(client: Client, ldap: LDAP):
"""
:title: Setting ldap_user_email and email using extra attributes are cached
:setup:
1. Create user "user1" with gecos and mail attributes`
2. Configure SSSD with "ldap_user_extra_attrs = email:mail, description:gecos" and
"ldap_user_email = mail"
3. Start SSSD
:steps:
1. Lookup user
2. Lookup user in cache
:expectedresults:
1. User is found
2. User is found with description, mail and email attributes
:customerscenario: False
"""
ldap.user("user1").add(gecos="gecos1", mail="[email protected]")

client.sssd.domain["ldap_user_email"] = "mail"
client.sssd.domain["ldap_user_extra_attrs"] = "email:mail, description:gecos"
client.sssd.start()

result = client.tools.getent.passwd("user1")
assert result is not None, "User is not found"
assert result.name == "user1", "User has wrong name"

search = client.ldb.search(
f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb"
)

user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"]
assert user_dict["description"] == ["gecos1"], "attribute 'description' was not correct"
assert user_dict["mail"] == ["[email protected]"], "attribute 'mail' was not correct"
assert user_dict["email"] == ["[email protected]"], "attribute 'email' was not correct"
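Review bot: In `test_cache__extra_attributes_are_stored` and `test_cache__both_ldap_user_email_and_extra_attribute_email_are_stored` the cached entry is read with the literal key `"name=user1@test,cn=users,cn=test,cn=sysdb"`, while the ldb path and search base a few lines above are built from `client.sssd.default_domain`. If the domain is not named `test`, or the entry is missing from the cache, the test stops on a bare `KeyError` instead of a readable assertion. Assuming the cached name follows the domain name as the literal suggests, build the key from the same value and check it first: with `domain = client.sssd.default_domain`, use `dn = f"name=user1@{domain},cn=users,cn={domain},cn=sysdb"` followed by `assert dn in search, f"user1 not found in cache: {dn}"`. In `test_cache__extra_attributes_with_empty_values_are_ignored` the docstring names `ldap_user_extra_attr` where the code sets `ldap_user_extra_attrs`, and the closing `assert search == {}` is the only assertion in the new tests without a failure message.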
171 changes: 17 additions & 154 deletions src/tests/system/tests/test_schema.py
@@ -1,5 +1,10 @@
"""
schema tests.
SSSD Schema Tests.

Tests related to directory schemas, formal definitions of LDAP objectClasses and attributes.

These tests are generic topology and will run against AD, Samba, IPA and LDAP.
Specific topologies test may reside in their corresponding test file.

:requirement: ldap_extra_attrs
"""
@@ -9,177 +14,35 @@
import pytest
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.generic import GenericProvider
from sssd_test_framework.roles.ldap import LDAP
from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup
from sssd_test_framework.topology import KnownTopologyGroup


@pytest.mark.importance("high")
@pytest.mark.schema
@pytest.mark.ticket(gh=4153, bz=1362023)
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
@pytest.mark.parametrize("attrs", ["mail, firstname:givenname, lastname:sn", "given_email:mail"])
def test_schema__ldap_extra_attrs_filled(client: Client, provider: GenericProvider, attrs: str):
def test_schema__user_extra_attributes_are_populated(client: Client, provider: GenericProvider, attrs: str):
"""
:title: SSSD starts correctly when ldap_user_extra_attrs is filled
:title: SSSD starts correctly when ldap_extra_attrs is configured
:setup:
1. Create new user "tuser"
2. Add "given_email:mail" to ldap_user_extra_attrs
1. Create user "user1"
2. Configure SSSD with "ldap_user_extra_attrs = attribute:value"
:steps:
1. Start SSSD
2. Run "getent passwd tuser"
2. Lookup user
:expectedresults:
1. SSSD starts successfully
2. "tuser" is present in the passwd db
1. SSSD starts with no errors
2. User found and name matches
:customerscenario: False
"""
provider.user("tuser").add()
provider.user("user1").add()
client.sssd.domain["ldap_user_extra_attrs"] = attrs

try:
client.sssd.start()
except Exception as e:
pytest.fail(f"Exception shouldn't be raised but we got {type(e)}: str(e)")

result = client.tools.getent.passwd("tuser")
assert result is not None
assert result.name == "tuser"


@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_schema__ldap_extra_attrs_check_ldb(client: Client, provider: GenericProvider):
"""
:title: Recently added extra attributes should be in cache db along with their value
:setup:
1. Create new user "user1"
2. Add "description:gecos, userID:uidNumber, shell:loginShell, groupID:gidNumber" to ldap_user_extra_attrs
3. Add "ldap_id_mapping" to domain config, to ensure correct ids on all topologies
4. Start SSSD
:steps:
1. Run "getent passwd user1" to store user attributes to cache
2. Run ldbsearch command
:expectedresults:
1. User is found
2. Result has correct values
:customerscenario: True
"""
provider.user("user1").add(gid=111111, uid=100110, gecos="gecos user1", shell="/bin/sh", home="/home/user1")
client.sssd.domain["ldap_user_extra_attrs"] = (
"description:gecos, userID:uidNumber, shell:loginShell, groupID:gidNumber"
)
client.sssd.domain["ldap_id_mapping"] = "false"
client.sssd.start()

result = client.tools.getent.passwd("user1")
assert result is not None, "getent passwd user1 failed"

search = client.ldb.search(
f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb"
)

user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"]
assert user_dict["description"] == ["gecos user1"], "attribute 'description' was not correct"
assert user_dict["shell"] == ["/bin/sh"], "attribute 'shell' was not correct"
assert user_dict["userID"] == ["100110"], "attribute 'userID' was not correct"
assert user_dict["groupID"] == ["111111"], "attribute 'groupID' was not correct"


@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_schema__ldap_extra_attrs_negative_cache(client: Client, provider: GenericProvider):
"""
:title: When extra attribute of user is added but not assigned, it is neither cached nor displayed
:setup:
1. Create new user "user1"
2. Add "number:telephonenumber" to ldap_user_extra_attrs
3. Start SSSD
:steps:
1. Run "getent passwd user1" to store user to cache
2. Run ldbsearch command
:expectedresults:
1. User is found
2. "number" is not in the output
:customerscenario: False
"""
provider.user("user1").add()

client.sssd.domain["ldap_user_extra_attrs"] = "number:telephonenumber"

client.sssd.start()

result = client.tools.getent.passwd("user1")
assert result is not None, "User is not found"
assert result.name == "user1", "User has wrong name"

search = client.ldb.search(
f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb"
)

user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"]
with pytest.raises(KeyError):
user_dict["number"]


@pytest.mark.topology(KnownTopology.LDAP)
def test_schema__ldap_extra_attrs_extra_email(client: Client, ldap: LDAP):
"""
:title: SSSD starts with ldap_user_email and ldap_user_extra_attrs and checks cached attributes
:setup:
1. Create new user "user1", set them mail and gecos
2. Edit config - ldap_user_extra_attrs = "email:mail, description:gecos" and ldap_user_email = "mail"
3. Start SSSD
:steps:
1. Run "getent passwd user1" to store user to cache
2. Run ldbsearch command to get cached info
:expectedresults:
1. User is found
2. "mail" and "email" are in the output with correct value
:customerscenario: False
"""
ldap.user("user1").add(gecos="gecos1", mail="[email protected]")

client.sssd.domain["ldap_user_email"] = "mail"
client.sssd.domain["ldap_user_extra_attrs"] = "email:mail, description:gecos"
client.sssd.sssd["services"] = "nss, pam, ifp"
client.sssd.start()

result = client.tools.getent.passwd("user1")
assert result is not None, "User is not found"
assert result.name == "user1", "User has wrong name"

search = client.ldb.search(
f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb"
)

user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"]
assert user_dict["description"] == ["gecos1"], "attribute 'descripion' was not correct"
assert user_dict["mail"] == ["[email protected]"], "attribute 'mail' was not correct"
assert user_dict["email"] == ["[email protected]"], "attribute 'email' was not correct"


@pytest.mark.ticket(bz=1667252)
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_schema__ldap_extra_attrs_ifp(client: Client, provider: GenericProvider):
"""
:title: ifp do not crash when requesting extra attributes
:setup:
1. Create new user "user1"
2. Configure 'test' ldap user extra attribute
3. Start SSSD
:steps:
1. Run "sssctl user-checks user1"
2. Check SSSD status
:expectedresults:
1. Command succeeded
2. Checked successfully
:customerscenario: True
"""
provider.user("user1").add()
client.sssd.sssd["services"] = "nss, pam, ifp"
client.sssd.domain["ldap_user_extra_attrs"] = "test:homeDirectory"
client.sssd.ifp["user_attributes"] = "+test"
client.sssd.start()

result = client.sssctl.user_checks("user1")
assert result.rc == 0, "sssctl user-checks command failed"

result = client.sssd.svc.status("sssd")
assert result.rc == 0, "service status sssd failed"
assert result is not None, "User not found!"
assert result.name == "user1", f"User 'user1' name is not the expected value `{result.name}`!"
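Review bot: The `pytest.fail` call kept in `test_schema__user_extra_attributes_are_populated` ends its message with `{type(e)}: str(e)`, so `str(e)` is printed literally and the actual SSSD start-up error never reaches the test report. It should read `pytest.fail(f"Exception shouldn't be raised but we got {type(e)}: {e}")`. Separately, `test_schema__ldap_extra_attrs_ifp` (ticket bz=1667252, the ifp crash when extra attributes are requested) appears to be among the 154 deletions here and does not reappear in the test_cache.py section where the other ldb checks are re-added; if it was not moved to a file outside this page, that crash regression loses its coverage. The reworded title also says `ldap_extra_attrs` although the option the body sets is `ldap_user_extra_attrs`.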