From cfe8ef5c60ae33247bf38bdb3aa34c8b8dc06f46 Mon Sep 17 00:00:00 2001
From: Patrik Rosecky <prosecky@redhat.com>
Date: Thu, 7 Sep 2023 11:29:28 +0200
Subject: [PATCH] Tests: alltests/test_sss_cache.py converted to
 multihost/test_sssctl.py

Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
---
 .../multihost/alltests/test_sss_cache.py      |  1 +
 src/tests/system/tests/test_sssctl.py         | 43 +++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/src/tests/multihost/alltests/test_sss_cache.py b/src/tests/multihost/alltests/test_sss_cache.py
index 6e7b34b8cd0..4215f9aca29 100644
--- a/src/tests/multihost/alltests/test_sss_cache.py
+++ b/src/tests/multihost/alltests/test_sss_cache.py
@@ -14,6 +14,7 @@
 @pytest.mark.usefixtures('setup_sssd_krb', 'create_posix_usersgroups')
 @pytest.mark.sss_cache
 class TestSssCache(object):
+    @pytest.mark.converted('test_sssctl.py', 'test_sssctl__reset_cached_timestamps')
     @pytest.mark.tier1_2
     def test_sss_cache_reset(self, multihost, backupsssdconf):
         """
diff --git a/src/tests/system/tests/test_sssctl.py b/src/tests/system/tests/test_sssctl.py
index 1af1db55cc3..6a2135dbe9b 100644
--- a/src/tests/system/tests/test_sssctl.py
+++ b/src/tests/system/tests/test_sssctl.py
@@ -8,6 +8,7 @@
 
 import pytest
 from sssd_test_framework.roles.client import Client
+from sssd_test_framework.roles.ldap import LDAP
 from sssd_test_framework.topology import KnownTopology
 
 
@@ -140,3 +141,45 @@ def test_sssctl__handle_implicit_domain(client: Client):
         cmd = client.sssctl.user_show(user=user)
         assert cmd.rc == 0
         assert "Cache entry creation date" in cmd.stdout
+
+
+@pytest.mark.ticket(bz=1902280)
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_sssctl__reset_cached_timestamps(client: Client, ldap: LDAP):
+    """
+    :title: fix sssctl cache-expire to also reset cached timestamp
+    :setup:
+        1. Add user to LDAP
+        2. Add group to LDAP
+        3. Set proper domain config options in sssd.conf file
+        4. Start SSSD
+    :steps:
+        1. Call getent group
+        2. Modify group entry in LDAP
+        3. Call 'sssctl cache-expire -E'
+        4. Call getent group
+    :expectedresults:
+        1. Group is properly cached, user is its member
+        2. Member of group is removed, group entry changed
+        3. Whole cache is invalidated
+        4. User is not member of group anymore
+    :customerscenario: True
+    """
+    u = ldap.user("user1").add()
+    ldap.group("group1", rfc2307bis=True).add().add_member(u)
+
+    client.sssd.domain["ldap_schema"] = "rfc2307bis"
+    client.sssd.domain["ldap_group_member"] = "member"
+
+    client.sssd.start()
+
+    res1 = client.tools.getent.group("group1")
+    assert res1 is not None
+    assert "user1" in res1.members
+
+    ldap.group("group1", rfc2307bis=True).remove_member(ldap.user("user1"))
+    client.sssctl.cache_expire(everything=True)
+
+    res1 = client.tools.getent.group("group1")
+    assert res1 is not None
+    assert "user1" not in res1.members