From 5d730f7e9f1e857bc886556db0229607b8d536d2 Mon Sep 17 00:00:00 2001

From: tbordaz <tbordaz@redhat.com>

Date: Thu, 6 May 2021 18:54:20 +0200

Subject: [PATCH 01/12] Issue 4747 - Remove unstable/unstatus tests from PRCI

 (#4748)

Bug description:

	Some tests (17) in the tests suite (dirsrvtest/tests/suites)

	are failing although there is no regression.

	It needs (long) investigations to status if failures

	are due to a bug in the tests or in DS core.

	Until those investigations are completes, test suites

	loose a large part of its value to detect regression.

	Indeed those failing tests may hide a real regression.

Fix description:

	Flag failing tests with pytest.mark.flaky(max_runs=2, min_passes=1)

	Additional action will be to create upstream 17 ticket to

	status on each failing tests

relates: https://github.com/389ds/389-ds-base/issues/4747

Reviewed by: Simon Pichugin, Viktor Ashirov (many thanks for your

reviews and help)

Platforms tested: F33

---

 .github/workflows/pytest.yml                  |  84 +++++

 dirsrvtests/tests/suites/acl/keywords_test.py |  16 +-

 .../tests/suites/clu/dsctl_acceptance_test.py |  56 ---

 .../tests/suites/clu/repl_monitor_test.py     |   2 +

 .../dynamic_plugins/dynamic_plugins_test.py   |   8 +-

 .../suites/fourwaymmr/fourwaymmr_test.py      |   3 +-

 .../suites/healthcheck/health_config_test.py  |   1 +

 .../suites/healthcheck/health_sync_test.py    |   2 +

 .../tests/suites/import/import_test.py        |  23 +-

 .../tests/suites/indexes/regression_test.py   |  63 ++++

 .../paged_results/paged_results_test.py       |   3 +-

 .../tests/suites/password/regression_test.py  |   2 +

 .../tests/suites/plugins/accpol_test.py       |  20 +-

 .../suites/plugins/managed_entry_test.py      | 351 ++++++++++++++++++

 .../tests/suites/plugins/memberof_test.py     |   3 +-

 .../suites/replication/cleanallruv_test.py    |   8 +-

 .../suites/replication/encryption_cl5_test.py |   8 +-

 .../tests/suites/retrocl/basic_test.py        | 292 ---------------

 18 files changed, 576 insertions(+), 369 deletions(-)

 create mode 100644 .github/workflows/pytest.yml

 delete mode 100644 dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py

 create mode 100644 dirsrvtests/tests/suites/plugins/managed_entry_test.py

 delete mode 100644 dirsrvtests/tests/suites/retrocl/basic_test.py

diff --git a/.github/workflows/pytest.yml b/.github/workflows/pytest.yml

new file mode 100644

index 000000000..015794d96

--- /dev/null

+++ b/.github/workflows/pytest.yml

@@ -0,0 +1,84 @@

+name: Test

+

+on: [push, pull_request]

+

+jobs:

+  build:

+    name: Build

+    runs-on: ubuntu-20.04

+    container:

+      image: quay.io/389ds/ci-images:test

+    outputs:

+        matrix: ${{ steps.set-matrix.outputs.matrix }}

+    steps:

+      - name: Checkout

+        uses: actions/checkout@v2

+

+      - name: Get a list of all test suites

+        id: set-matrix

+        run: echo "::set-output name=matrix::$(python3 .github/scripts/generate_matrix.py)"

+

+      - name: Build RPMs

+        run: cd $GITHUB_WORKSPACE && SKIP_AUDIT_CI=1 make -f rpm.mk dist-bz2 rpms

+

+      - name: Tar build artifacts

+        run: tar -cvf dist.tar dist/

+

+      - name: Upload RPMs

+        uses: actions/upload-artifact@v2

+        with:

+          name: rpms

+          path: dist.tar

+

+  test:

+    name: Test

+    runs-on: ubuntu-20.04

+    needs: build

+    strategy:

+      fail-fast: false

+      matrix: ${{ fromJson(needs.build.outputs.matrix) }}

+

+    steps:

+    - name: Checkout

+      uses: actions/checkout@v2

+

+    - name: Install dependencies

+      run: |

+        sudo apt update -y

+        sudo apt install -y docker.io containerd runc

+

+        sudo cp .github/daemon.json /etc/docker/daemon.json

+

+        sudo systemctl unmask docker

+        sudo systemctl start docker

+

+    - name: Download RPMs

+      uses: actions/download-artifact@master

+      with:

+        name: rpms

+    

+    - name: Extract RPMs

+      run: tar xvf dist.tar

+

+    - name: Run pytest in a container

+      run: |

+        set -x

+        CID=$(sudo docker run -d -h server.example.com --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/workspace quay.io/389ds/ci-images:test)

+        sudo docker exec $CID sh -c "dnf install -y -v dist/rpms/*rpm"

+        sudo docker exec $CID py.test  --suppress-no-test-exit-code  -m "not flaky" --junit-xml=pytest.xml -v dirsrvtests/tests/suites/${{ matrix.suite }}

+

+    - name: Make the results file readable by all

+      if: always()

+      run:

+        sudo chmod -f a+r pytest.xml

+

+    - name: Sanitize filename

+      run: echo "PYTEST_SUITE=$(echo ${{ matrix.suite }} | sed -e 's#\/#-#g')" >> $GITHUB_ENV

+      

+    - name: Upload pytest test results

+      if: always()

+      uses: actions/upload-artifact@v2

+      with:

+        name: pytest-${{ env.PYTEST_SUITE }}

+        path: pytest.xml

+ 

diff --git a/dirsrvtests/tests/suites/acl/keywords_test.py b/dirsrvtests/tests/suites/acl/keywords_test.py

index 0174152e3..c5e989f3b 100644

--- a/dirsrvtests/tests/suites/acl/keywords_test.py

+++ b/dirsrvtests/tests/suites/acl/keywords_test.py

@@ -216,7 +216,8 @@ def test_user_binds_without_any_password_and_cannot_access_the_data(topo, add_us

     with pytest.raises(ldap.INSUFFICIENT_ACCESS):

         org.replace("seeAlso", "cn=1")

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_user_can_access_the_data_when_connecting_from_any_machine(

         topo, add_user, aci_of_user

 ):

@@ -245,6 +246,8 @@ def test_user_can_access_the_data_when_connecting_from_any_machine(

     OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_user_can_access_the_data_when_connecting_from_internal_ds_network_only(

         topo, add_user, aci_of_user

 ):

@@ -276,7 +279,8 @@ def test_user_can_access_the_data_when_connecting_from_internal_ds_network_only(

     # Perform Operation

     OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_user_can_access_the_data_when_connecting_from_some_network_only(

         topo, add_user, aci_of_user

 ):

@@ -306,7 +310,8 @@ def test_user_can_access_the_data_when_connecting_from_some_network_only(

     # Perform Operation

     OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_from_an_unauthorized_network(topo, add_user, aci_of_user):

     """User cannot access the data when connecting from an unauthorized network as per the ACI.

@@ -332,7 +337,8 @@ def test_from_an_unauthorized_network(topo, add_user, aci_of_user):

     # Perform Operation

     OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_user_cannot_access_the_data_when_connecting_from_an_unauthorized_network_2(

         topo, add_user, aci_of_user):

     """User cannot access the data when connecting from an unauthorized network as per the ACI.

@@ -418,6 +424,8 @@ def test_dnsalias_keyword_test_nodns_cannot(topo, add_user, aci_of_user):

     with pytest.raises(ldap.INSUFFICIENT_ACCESS):

         org.replace("seeAlso", "cn=1")

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 @pytest.mark.ds50378

 @pytest.mark.bz1710848

 @pytest.mark.parametrize("ip_addr", ['127.0.0.1', "[::1]"])

diff --git a/dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py b/dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py

deleted file mode 100644

index a0f89defd..000000000

--- a/dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py

+++ /dev/null

@@ -1,56 +0,0 @@

-# --- BEGIN COPYRIGHT BLOCK ---

-# Copyright (C) 2021 Red Hat, Inc.

-# All rights reserved.

-#

-# License: GPL (version 3 or any later version).

-# See LICENSE for details.

-# --- END COPYRIGHT BLOCK ---

-

-import logging

-import pytest

-import os

-from lib389._constants import *

-from lib389.topologies import topology_st as topo

-

-log = logging.getLogger(__name__)

-

-

-def test_custom_path(topo):

-    """Test that a custom path, backup directory, is correctly used by lib389

-    when the server is stopped.

-

-    :id: 8659e209-ee83-477e-8183-1d2f555669ea

-    :setup: Standalone Instance

-    :steps:

-        1. Get the LDIF directory

-        2. Change the server's backup directory to the LDIF directory

-        3. Stop the server, and perform a backup

-        4. Backup was written to LDIF directory

-    :expectedresults:

-        1. Success

-        2. Success

-        3. Success

-        4. Success

-    """

-

-    # Get LDIF dir

-    ldif_dir = topo.standalone.get_ldif_dir()

-

-    # Set backup directory to LDIF directory

-    topo.standalone.config.replace('nsslapd-bakdir', ldif_dir)

-

-    # Stop the server and take a backup

-    topo.standalone.stop()

-    topo.standalone.db2bak(None)

-

-    # Verify backup was written to LDIF directory

-    backups = os.listdir(ldif_dir)

-    assert len(backups)

-

-

-if __name__ == '__main__':

-    # Run isolated

-    # -s for DEBUG mode

-    CURRENT_FILE = os.path.realpath(__file__)

-    pytest.main(["-s", CURRENT_FILE])

-

diff --git a/dirsrvtests/tests/suites/clu/repl_monitor_test.py b/dirsrvtests/tests/suites/clu/repl_monitor_test.py

index 9428edb26..3cf6343c8 100644

--- a/dirsrvtests/tests/suites/clu/repl_monitor_test.py

+++ b/dirsrvtests/tests/suites/clu/repl_monitor_test.py

@@ -90,6 +90,8 @@ def get_hostnames_from_log(port1, port2):

         host_m2 = match.group(2)

     return (host_m1, host_m2)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 @pytest.mark.ds50545

 @pytest.mark.bz1739718

 @pytest.mark.skipif(ds_is_older("1.4.0"), reason="Not implemented")

diff --git a/dirsrvtests/tests/suites/dynamic_plugins/dynamic_plugins_test.py b/dirsrvtests/tests/suites/dynamic_plugins/dynamic_plugins_test.py

index b61daed74..7558cc03d 100644

--- a/dirsrvtests/tests/suites/dynamic_plugins/dynamic_plugins_test.py

+++ b/dirsrvtests/tests/suites/dynamic_plugins/dynamic_plugins_test.py

@@ -68,7 +68,8 @@ def check_replicas(topology_m2):

     log.info('Data is consistent across the replicas.\n')

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_acceptance(topology_m2):

     """Exercise each plugin and its main features, while

     changing the configuration without restarting the server.

@@ -140,7 +141,8 @@ def test_acceptance(topology_m2):

     ############################################################################

     check_replicas(topology_m2)

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_memory_corruption(topology_m2):

     """Check the plugins for memory corruption issues while

     dynamic plugins option is enabled

@@ -242,6 +244,8 @@ def test_memory_corruption(topology_m2):

     ############################################################################

     check_replicas(topology_m2)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 @pytest.mark.tier2

 def test_stress(topology_m2):

     """Test plugins while under a big load. Perform the test 5 times

diff --git a/dirsrvtests/tests/suites/fourwaymmr/fourwaymmr_test.py b/dirsrvtests/tests/suites/fourwaymmr/fourwaymmr_test.py

index 5b0754a2e..c5a746ebb 100644

--- a/dirsrvtests/tests/suites/fourwaymmr/fourwaymmr_test.py

+++ b/dirsrvtests/tests/suites/fourwaymmr/fourwaymmr_test.py

@@ -144,7 +144,8 @@ def test_delete_a_few_entries_in_m4(topo_m4, _cleanupentris):

         topo_m4.ms["supplier4"], topo_m4.ms["supplier3"], 30

     )

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_replicated_multivalued_entries(topo_m4):

     """

     Replicated multivalued entries are ordered the same way on all consumers

diff --git a/dirsrvtests/tests/suites/healthcheck/health_config_test.py b/dirsrvtests/tests/suites/healthcheck/health_config_test.py

index 3d102e859..f470c05c6 100644

--- a/dirsrvtests/tests/suites/healthcheck/health_config_test.py

+++ b/dirsrvtests/tests/suites/healthcheck/health_config_test.py

@@ -337,6 +337,7 @@ def test_healthcheck_low_disk_space(topology_st):

     os.remove(file)

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 @pytest.mark.ds50791

 @pytest.mark.bz1843567

 @pytest.mark.xfail(ds_is_older("1.4.3.8"), reason="Not implemented")

diff --git a/dirsrvtests/tests/suites/healthcheck/health_sync_test.py b/dirsrvtests/tests/suites/healthcheck/health_sync_test.py

index 75bbfd35c..74df1b322 100644

--- a/dirsrvtests/tests/suites/healthcheck/health_sync_test.py

+++ b/dirsrvtests/tests/suites/healthcheck/health_sync_test.py

@@ -70,6 +70,8 @@ def run_healthcheck_and_flush_log(topology, instance, searched_code, json, searc

 @pytest.mark.ds50873

 @pytest.mark.bz1685160

 @pytest.mark.xfail(ds_is_older("1.4.1"), reason="Not implemented")

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_healthcheck_replication_out_of_sync_not_broken(topology_m3):

     """Check if HealthCheck returns DSREPLLE0003 code

diff --git a/dirsrvtests/tests/suites/import/import_test.py b/dirsrvtests/tests/suites/import/import_test.py

index defe447d5..119b097f1 100644

--- a/dirsrvtests/tests/suites/import/import_test.py

+++ b/dirsrvtests/tests/suites/import/import_test.py

@@ -14,6 +14,7 @@ import os

 import pytest

 import time

 import glob

+import logging

 from lib389.topologies import topology_st as topo

 from lib389._constants import DEFAULT_SUFFIX, TaskWarning

 from lib389.dbgen import dbgen_users

@@ -28,6 +29,12 @@ from lib389.idm.account import Accounts

 pytestmark = pytest.mark.tier1

+DEBUGGING = os.getenv("DEBUGGING", default=False)

+if DEBUGGING:

+    logging.getLogger(__name__).setLevel(logging.DEBUG)

+else:

+    logging.getLogger(__name__).setLevel(logging.INFO)

+log = logging.getLogger(__name__)

 def _generate_ldif(topo, no_no):

     """

@@ -349,7 +356,8 @@ def _toggle_private_import_mem(request, topo):

             ('nsslapd-db-private-import-mem', 'off'))

     request.addfinalizer(finofaci)

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_fast_slow_import(topo, _toggle_private_import_mem, _import_clean):

     """With nsslapd-db-private-import-mem: on is faster import.

@@ -381,16 +389,19 @@ def test_fast_slow_import(topo, _toggle_private_import_mem, _import_clean):

     # Let's set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: 0

     config = LDBMConfig(topo.standalone)

     # Measure offline import time duration total_time1

-    total_time1 = _import_offline(topo, 20)

+    total_time1 = _import_offline(topo, 1000)

     # Now nsslapd-db-private-import-mem:off

     config.replace('nsslapd-db-private-import-mem', 'off')

     accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)

     for i in accounts.filter('(uid=*)'):

         UserAccount(topo.standalone, i.dn).delete()

     # Measure offline import time duration total_time2

-    total_time2 = _import_offline(topo, 20)

+    total_time2 = _import_offline(topo, 1000)

     # total_time1 < total_time2

+    log.info("total_time1 = %f" % total_time1)

+    log.info("total_time2 = %f" % total_time2)

     assert total_time1 < total_time2

+

     # Set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: -1

     config.replace_many(

         ('nsslapd-db-private-import-mem', 'on'),

@@ -398,14 +409,16 @@ def test_fast_slow_import(topo, _toggle_private_import_mem, _import_clean):

     for i in accounts.filter('(uid=*)'):

         UserAccount(topo.standalone, i.dn).delete()

     # Measure offline import time duration total_time1

-    total_time1 = _import_offline(topo, 20)

+    total_time1 = _import_offline(topo, 1000)

     # Now nsslapd-db-private-import-mem:off

     config.replace('nsslapd-db-private-import-mem', 'off')

     for i in accounts.filter('(uid=*)'):

         UserAccount(topo.standalone, i.dn).delete()

     # Measure offline import time duration total_time2

-    total_time2 = _import_offline(topo, 20)

+    total_time2 = _import_offline(topo, 1000)

     # total_time1 < total_time2

+    log.info("toral_time1 = %f" % total_time1)

+    log.info("total_time2 = %f" % total_time2)

     assert total_time1 < total_time2

diff --git a/dirsrvtests/tests/suites/indexes/regression_test.py b/dirsrvtests/tests/suites/indexes/regression_test.py

index 1a71f16e9..ed0c8885f 100644

--- a/dirsrvtests/tests/suites/indexes/regression_test.py

+++ b/dirsrvtests/tests/suites/indexes/regression_test.py

@@ -19,6 +19,68 @@ from lib389.topologies import topology_st as topo

 pytestmark = pytest.mark.tier1

+@pytest.fixture(scope="function")

+def add_a_group_with_users(request, topo):

+    """

+    Add a group and users, which are members of this group.

+    """

+    groups = Groups(topo.standalone, DEFAULT_SUFFIX, rdn=None)

+    group = groups.create(properties={'cn': 'test_group'})

+    users_list = []

+    users_num = 100

+    users = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)

+    for num in range(users_num):

+        USER_NAME = f'test_{num}'

+        user = users.create(properties={

+            'uid': USER_NAME,

+            'sn': USER_NAME,

+            'cn': USER_NAME,

+            'uidNumber': f'{num}',

+            'gidNumber': f'{num}',

+            'homeDirectory': f'/home/{USER_NAME}'

+        })

+        users_list.append(user)

+        group.add_member(user.dn)

+

+    def fin():

+        """

+        Removes group and users.

+        """

+        # If the server crashed, start it again to do the cleanup

+        if not topo.standalone.status():

+            topo.standalone.start()

+        for user in users_list:

+            user.delete()

+        group.delete()

+

+    request.addfinalizer(fin)

+

+

+@pytest.fixture(scope="function")

+def set_small_idlistscanlimit(request, topo):

+    """

+    Set nsslapd-idlistscanlimit to a smaller value to accelerate the reproducer

+    """

+    db_cfg = DatabaseConfig(topo.standalone)

+    old_idlistscanlimit = db_cfg.get_attr_vals_utf8('nsslapd-idlistscanlimit')

+    db_cfg.set([('nsslapd-idlistscanlimit', '100')])

+    topo.standalone.restart()

+

+    def fin():

+        """

+        Set nsslapd-idlistscanlimit back to the default value

+        """

+        # If the server crashed, start it again to do the cleanup

+        if not topo.standalone.status():

+            topo.standalone.start()

+        db_cfg.set([('nsslapd-idlistscanlimit', old_idlistscanlimit)])

+        topo.standalone.restart()

+

+    request.addfinalizer(fin)

+

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

+@pytest.mark.skipif(ds_is_older("1.4.4.4"), reason="Not implemented")

 def test_reindex_task_creates_abandoned_index_file(topo):

     """

     Recreating an index for the same attribute but changing

@@ -123,3 +185,4 @@ if __name__ == "__main__":

     # -s for DEBUG mode

     CURRENT_FILE = os.path.realpath(__file__)

     pytest.main("-s %s" % CURRENT_FILE)

+

diff --git a/dirsrvtests/tests/suites/paged_results/paged_results_test.py b/dirsrvtests/tests/suites/paged_results/paged_results_test.py

index 9fdceb165..0b45b7d96 100644

--- a/dirsrvtests/tests/suites/paged_results/paged_results_test.py

+++ b/dirsrvtests/tests/suites/paged_results/paged_results_test.py

@@ -506,7 +506,8 @@ def test_search_with_timelimit(topology_st, create_user):

     finally:

         del_users(users_list)

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 @pytest.mark.parametrize('aci_subject',

                          ('dns = "{}"'.format(HOSTNAME),

                           'ip = "{}"'.format(IP_ADDRESS)))

diff --git a/dirsrvtests/tests/suites/password/regression_test.py b/dirsrvtests/tests/suites/password/regression_test.py

index 251834421..8f1facb6d 100644

--- a/dirsrvtests/tests/suites/password/regression_test.py

+++ b/dirsrvtests/tests/suites/password/regression_test.py

@@ -215,6 +215,8 @@ def test_global_vs_local(topo, passw_policy, create_user, user_pasw):

     # reset password

     create_user.set('userPassword', PASSWORD)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 @pytest.mark.ds49789

 def test_unhashed_pw_switch(topo_supplier):

     """Check that nsslapd-unhashed-pw-switch works corrently

diff --git a/dirsrvtests/tests/suites/plugins/accpol_test.py b/dirsrvtests/tests/suites/plugins/accpol_test.py

index 73e2e54d1..77975c747 100644

--- a/dirsrvtests/tests/suites/plugins/accpol_test.py

+++ b/dirsrvtests/tests/suites/plugins/accpol_test.py

@@ -520,7 +520,8 @@ def test_glinact_limit(topology_st, accpol_global):

     modify_attr(topology_st, ACCP_CONF, 'accountInactivityLimit', '12')

     del_users(topology_st, suffix, subtree, userid, nousrs)

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_glnologin_attr(topology_st, accpol_global):

     """Verify if user account is inactivated based on createTimeStamp attribute, no lastLoginTime attribute present

@@ -610,7 +611,8 @@ def test_glnologin_attr(topology_st, accpol_global):

     account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")

     del_users(topology_st, suffix, subtree, userid, nousrs)

-

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_glnoalt_stattr(topology_st, accpol_global):

     """Verify if user account can be inactivated based on lastLoginTime attribute, altstateattrname set to 1.1

@@ -656,6 +658,8 @@ def test_glnoalt_stattr(topology_st, accpol_global):

     del_users(topology_st, suffix, subtree, userid, nousrs)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_glattr_modtime(topology_st, accpol_global):

     """Verify if user account can be inactivated based on modifyTimeStamp attribute

@@ -705,6 +709,8 @@ def test_glattr_modtime(topology_st, accpol_global):

     del_users(topology_st, suffix, subtree, userid, nousrs)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_glnoalt_nologin(topology_st, accpol_global):

     """Verify if account policy plugin works if we set altstateattrname set to 1.1 and alwaysrecordlogin to NO

@@ -763,6 +769,8 @@ def test_glnoalt_nologin(topology_st, accpol_global):

     del_users(topology_st, suffix, subtree, userid, nousrs)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_glinact_nsact(topology_st, accpol_global):

     """Verify if user account can be activated using ns-activate.pl script.

@@ -812,6 +820,8 @@ def test_glinact_nsact(topology_st, accpol_global):

     del_users(topology_st, suffix, subtree, userid, nousrs)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_glinact_acclock(topology_st, accpol_global):

     """Verify if user account is activated when account is unlocked by passwordlockoutduration.

@@ -868,6 +878,8 @@ def test_glinact_acclock(topology_st, accpol_global):

     del_users(topology_st, suffix, subtree, userid, nousrs)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_glnact_pwexp(topology_st, accpol_global):

     """Verify if user account is activated when password is reset after password is expired

@@ -951,6 +963,8 @@ def test_glnact_pwexp(topology_st, accpol_global):

     del_users(topology_st, suffix, subtree, userid, nousrs)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_locact_inact(topology_st, accpol_local):

     """Verify if user account is inactivated when accountInactivityLimit is exceeded.

@@ -995,6 +1009,8 @@ def test_locact_inact(topology_st, accpol_local):

     del_users(topology_st, suffix, subtree, userid, nousrs)

+#unstable or unstatus tests, skipped for now

+@pytest.mark.flaky(max_runs=2, min_passes=1)

 def test_locinact_modrdn(topology_st, accpol_local):

     """Verify if user account is inactivated when moved from ou=groups to ou=people subtree.

diff --git a/dirsrvtests/tests/suites/plugins/managed_entry_test.py b/dirsrvtests/tests/suites/plugins/managed_entry_test.py

new file mode 100644

index 000000000..662044ccd

--- /dev/null

+++ b/dirsrvtests/tests/suites/plugins/managed_entry_test.py

@@ -0,0 +1,351 @@

+# --- BEGIN COPYRIGHT BLOCK ---

+# Copyright (C) 2020 Red Hat, Inc.

+# All rights reserved.

+#

+# License: GPL (version 3 or any later version).

+# See LICENSE for details.

+# --- END COPYRIGHT BLOCK ---

+#

+import pytest

+import time

+from lib389.topologies import topology_st as topo

+from lib389.idm.user import UserAccount, UserAccounts

+from lib389.idm.account import Account, Accounts

+from lib389._constants import DEFAULT_SUFFIX

+from lib389.idm.group import Groups

+from lib389.config import Config

+from lib389.idm.organizationalunit import OrganizationalUnits, OrganizationalUnit

+from lib389.plugins import MEPTemplates, MEPConfigs, ManagedEntriesPlugin, MEPTemplate

+from lib389.idm.nscontainer import nsContainers

+from lib389.idm.domain import Domain

+from lib389.tasks import Entry

+import ldap

+

+pytestmark = pytest.mark.tier1

+USER_PASSWORD = 'password'

+

+

+@pytest.fixture(scope="module")

+def _create_inital(topo):

+    """

+    Will create entries for this module

+    """

+    meps = MEPTemplates(topo.standalone, DEFAULT_SUFFIX)

+    mep_template1 = meps.create(

+        properties={'cn': 'UPG Template', 'mepRDNAttr': 'cn', 'mepStaticAttr': 'objectclass: posixGroup',

+                    'mepMappedAttr': 'cn: $uid|gidNumber: $gidNumber|description: User private group for $uid'.split(

+                        '|')})

+    conf_mep = MEPConfigs(topo.standalone)

+    conf_mep.create(properties={'cn': 'UPG Definition1', 'originScope': f'cn=Users,{DEFAULT_SUFFIX}',

+                                             'originFilter': 'objectclass=posixaccount',

+                                             'managedBase': f'cn=Groups,{DEFAULT_SUFFIX}',

+                                             'managedTemplate': mep_template1.dn})

+    container = nsContainers(topo.standalone, DEFAULT_SUFFIX)

+    for cn in ['Users', 'Groups']:

+        container.create(properties={'cn': cn})

+

+

+def test_binddn_tracking(topo, _create_inital):

+    """Test Managed Entries basic functionality

+

+    :id: ea2ddfd4-aaec-11ea-8416-8c16451d917b

+    :setup: Standalone Instance

+    :steps:

+        1. Set nsslapd-plugin-binddn-tracking attribute under cn=config

+        2. Add user

+        3. Managed Entry Plugin runs against managed entries upon any update without validating

+        4. verify creation of User Private Group with its time stamp value

+        5. Modify the SN attribute which is not mapped with managed entry

+        6. run ModRDN operation and check the User Private group

+        7. Check the time stamp of UPG should be changed now

+        8. Check the creatorsname should be user dn and internalCreatorsname should be plugin name

+        9. Check if a managed group entry was created

+    :expected results:

+        1. Success

+        2. Success

+        3. Success

+        4. Success

+        5. Success

+        6. Success

+        7. Success

+        8. Success

+        9. Success

+    """

+    config = Config(topo.standalone)

+    # set nsslapd-plugin-binddn-tracking attribute under cn=config

+    config.replace('nsslapd-plugin-binddn-tracking', 'on')

+    # Add user

+    user = UserAccounts(topo.standalone, f'cn=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()

+    assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=test_user_1000,cn=Groups,{DEFAULT_SUFFIX}'

+    entry = Account(topo.standalone, f'cn=test_user_1000,cn=Groups,{DEFAULT_SUFFIX}')

+    # Managed Entry Plugin runs against managed entries upon any update without validating

+    # verify creation of User Private Group with its time stamp value

+    stamp1 = entry.get_attr_val_utf8('modifyTimestamp')

+    user.replace('sn', 'NewSN_modified')

+    stamp2 = entry.get_attr_val_utf8('modifyTimestamp')

+    # Modify the SN attribute which is not mapped with managed entry

+    # Check the time stamp of UPG should not be changed

+    assert stamp1 == stamp2

+    time.sleep(1)

+    # run ModRDN operation and check the User Private group

+    user.rename(new_rdn='uid=UserNewRDN', newsuperior='cn=Users,dc=example,dc=com')

+    assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=UserNewRDN,cn=Groups,{DEFAULT_SUFFIX}'

+    entry = Account(topo.standalone, f'cn=UserNewRDN,cn=Groups,{DEFAULT_SUFFIX}')

+    stamp3 = entry.get_attr_val_utf8('modifyTimestamp')

+    # Check the time stamp of UPG should be changed now