8e1ca3
From a39af6b7228d8ba85b9e97aa5decbc056d081c77 Mon Sep 17 00:00:00 2001
8e1ca3
From: Sudhir Menon <sumenon@redhat.com>
8e1ca3
Date: Thu, 23 Jun 2022 16:14:39 +0530
8e1ca3
Subject: [PATCH] ipatests: ipa-client-install --subid adds entry in
8e1ca3
 nsswitch.conf
8e1ca3
8e1ca3
This testcase checks that when ipa-client-install command
8e1ca3
is run with --subid option, /etc/nsswitch.conf file is updated
8e1ca3
with the below entry
8e1ca3
8e1ca3
subid: nss
8e1ca3
Related: https://pagure.io/freeipa/issue/9159
8e1ca3
8e1ca3
Since the newly added testsuite required client
8e1ca3
system, hence modified the below yaml files to change the topology
8e1ca3
from *master_1repl to *master_1repl_1client in the below files
8e1ca3
8e1ca3
gating.yaml
8e1ca3
nightly_latest.yaml
8e1ca3
nightly_rawhide.yaml
8e1ca3
8e1ca3
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
8e1ca3
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
8e1ca3
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
8e1ca3
Reviewed-By: Stanislav Levin <slev@altlinux.org>
8e1ca3
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
8e1ca3
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
8e1ca3
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
8e1ca3
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
8e1ca3
Reviewed-By: Stanislav Levin <slev@altlinux.org>
8e1ca3
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
8e1ca3
---
8e1ca3
 ipatests/prci_definitions/gating.yaml         |  2 +-
8e1ca3
 .../nightly_ipa-4-10_latest.yaml              |  2 +-
8e1ca3
 .../nightly_ipa-4-10_latest_selinux.yaml      |  2 +-
8e1ca3
 .../nightly_ipa-4-10_previous.yaml            |  2 +-
8e1ca3
 ipatests/test_integration/test_subids.py      | 38 +++++++++++++++++++
8e1ca3
 5 files changed, 42 insertions(+), 4 deletions(-)
8e1ca3
8e1ca3
diff --git a/ipatests/prci_definitions/gating.yaml b/ipatests/prci_definitions/gating.yaml
8e1ca3
index 4083c650a17ce76bdefa243f1a7c5924039ff0bb..db4875dcfae8676287ef771805b34d988330bb40 100644
8e1ca3
--- a/ipatests/prci_definitions/gating.yaml
8e1ca3
+++ b/ipatests/prci_definitions/gating.yaml
8e1ca3
@@ -309,4 +309,4 @@ jobs:
8e1ca3
         test_suite: test_integration/test_subids.py
8e1ca3
         template: *ci-ipa-4-10-latest
8e1ca3
         timeout: 3600
8e1ca3
-        topology: *master_1repl
8e1ca3
+        topology: *master_1repl_1client
8e1ca3
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
8e1ca3
index 24aa6e7cf29e448ba9d838d1cb98169213ea63ef..027b2a5b6c0b7ec3c3b5784ec4569661a06d4ed7 100644
8e1ca3
--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
8e1ca3
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
8e1ca3
@@ -1748,7 +1748,7 @@ jobs:
8e1ca3
         test_suite: test_integration/test_subids.py
8e1ca3
         template: *ci-ipa-4-10-latest
8e1ca3
         timeout: 3600
8e1ca3
-        topology: *master_1repl
8e1ca3
+        topology: *master_1repl_1client
8e1ca3
 
8e1ca3
   fedora-latest-ipa-4-10/test_custom_plugins:
8e1ca3
     requires: [fedora-latest-ipa-4-10/build]
8e1ca3
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
8e1ca3
index f22cc08384b3d50e49278d38e73bf93cd7804e80..bcc17bef935666735bfb2c2e51209362a374b511 100644
8e1ca3
--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
8e1ca3
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
8e1ca3
@@ -1887,7 +1887,7 @@ jobs:
8e1ca3
         test_suite: test_integration/test_subids.py
8e1ca3
         template: *ci-ipa-4-10-latest
8e1ca3
         timeout: 3600
8e1ca3
-        topology: *master_1repl
8e1ca3
+        topology: *master_1repl_1client
8e1ca3
 
8e1ca3
   fedora-latest-ipa-4-10/test_custom_plugins:
8e1ca3
     requires: [fedora-latest-ipa-4-10/build]
8e1ca3
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
8e1ca3
index df98a66871fd90daaebd83f063e48f1580675049..37d38762e696a6394ef146a0e2b68bbc8ced515d 100644
8e1ca3
--- a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
8e1ca3
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
8e1ca3
@@ -1748,7 +1748,7 @@ jobs:
8e1ca3
         test_suite: test_integration/test_subids.py
8e1ca3
         template: *ci-ipa-4-10-previous
8e1ca3
         timeout: 3600
8e1ca3
-        topology: *master_1repl
8e1ca3
+        topology: *master_1repl_1client
8e1ca3
 
8e1ca3
   fedora-previous-ipa-4-10/test_custom_plugins:
8e1ca3
     requires: [fedora-previous-ipa-4-10/build]
8e1ca3
diff --git a/ipatests/test_integration/test_subids.py b/ipatests/test_integration/test_subids.py
8e1ca3
index f6d8607f237bf03358baae008dd2a6ad819751c0..8158499e1a2b71bdc1a308dec0939fd0d491599d 100644
8e1ca3
--- a/ipatests/test_integration/test_subids.py
8e1ca3
+++ b/ipatests/test_integration/test_subids.py
8e1ca3
@@ -17,6 +17,7 @@ from ipatests.test_integration.base import IntegrationTest
8e1ca3
 
8e1ca3
 class TestSubordinateId(IntegrationTest):
8e1ca3
     num_replicas = 0
8e1ca3
+    num_clients = 1
8e1ca3
     topology = "star"
8e1ca3
 
8e1ca3
     def _parse_result(self, result):
8e1ca3
@@ -268,3 +269,40 @@ class TestSubordinateId(IntegrationTest):
8e1ca3
                                           f"--subuid={subuid}"])
8e1ca3
         owner = self._parse_result(result)["owner"]
8e1ca3
         assert owner == uid
8e1ca3
+
8e1ca3
+    def test_nsswitch_doesnot_contain_subid_entry(self):
8e1ca3
+        """
8e1ca3
+        This testcase checks that when ipa-client-install
8e1ca3
+        is installed without subid option, the nsswitch.conf
8e1ca3
+        does not contain subid entry or does not use sss as
8e1ca3
+        source for subid
8e1ca3
+        """
8e1ca3
+        cmd = self.clients[0].run_command(
8e1ca3
+            ["grep", "^subid", "/etc/nsswitch.conf"],
8e1ca3
+            raiseonerr=False
8e1ca3
+        )
8e1ca3
+        # a source is defined for the subid database.
8e1ca3
+        # Ensure it is not "sss"
8e1ca3
+        if cmd.returncode == 0:
8e1ca3
+            assert 'sss' not in cmd.stdout_text
8e1ca3
+        else:
8e1ca3
+            # grep command returncode 1 means no matching line
8e1ca3
+            # was found = no source is defined for the subid database,
8e1ca3
+            # which is valid other return codes would
8e1ca3
+            # mean an error occurred
8e1ca3
+            assert cmd.returncode == 1
8e1ca3
+
8e1ca3
+    def test_nsswitch_is_updated_with_subid_entry(self):
8e1ca3
+        """
8e1ca3
+        This test case checks that when ipa-client-install
8e1ca3
+        is installed with --subid option, the nsswitch.conf
8e1ca3
+        file is modified with the entry 'subid: sss'
8e1ca3
+        """
8e1ca3
+        tasks.uninstall_client(self.clients[0])
8e1ca3
+        tasks.install_client(self.master, self.clients[0],
8e1ca3
+                             extra_args=['--subid'])
8e1ca3
+        cmd = self.clients[0].run_command(
8e1ca3
+            ["grep", "^subid", "/etc/nsswitch.conf"]
8e1ca3
+        )
8e1ca3
+        subid = cmd.stdout_text.split()
8e1ca3
+        assert ['subid:', 'sss'] == subid
8e1ca3
-- 
8e1ca3
2.37.2
8e1ca3