c8cd81
From a39af6b7228d8ba85b9e97aa5decbc056d081c77 Mon Sep 17 00:00:00 2001
c8cd81
From: Sudhir Menon <sumenon@redhat.com>
c8cd81
Date: Thu, 23 Jun 2022 16:14:39 +0530
c8cd81
Subject: [PATCH] ipatests: ipa-client-install --subid adds entry in
c8cd81
 nsswitch.conf
c8cd81
c8cd81
This testcase checks that when ipa-client-install command
c8cd81
is run with --subid option, /etc/nsswitch.conf file is updated
c8cd81
with the below entry
c8cd81
c8cd81
subid: nss
c8cd81
Related: https://pagure.io/freeipa/issue/9159
c8cd81
c8cd81
Since the newly added testsuite required client
c8cd81
system, hence modified the below yaml files to change the topology
c8cd81
from *master_1repl to *master_1repl_1client in the below files
c8cd81
c8cd81
gating.yaml
c8cd81
nightly_latest.yaml
c8cd81
nightly_rawhide.yaml
c8cd81
c8cd81
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
c8cd81
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
c8cd81
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
c8cd81
Reviewed-By: Stanislav Levin <slev@altlinux.org>
c8cd81
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
c8cd81
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
c8cd81
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
c8cd81
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
c8cd81
Reviewed-By: Stanislav Levin <slev@altlinux.org>
c8cd81
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
c8cd81
---
c8cd81
 ipatests/prci_definitions/gating.yaml         |  2 +-
c8cd81
 .../nightly_ipa-4-10_latest.yaml              |  2 +-
c8cd81
 .../nightly_ipa-4-10_latest_selinux.yaml      |  2 +-
c8cd81
 .../nightly_ipa-4-10_previous.yaml            |  2 +-
c8cd81
 ipatests/test_integration/test_subids.py      | 38 +++++++++++++++++++
c8cd81
 5 files changed, 42 insertions(+), 4 deletions(-)
c8cd81
c8cd81
diff --git a/ipatests/prci_definitions/gating.yaml b/ipatests/prci_definitions/gating.yaml
c8cd81
index 4083c650a17ce76bdefa243f1a7c5924039ff0bb..db4875dcfae8676287ef771805b34d988330bb40 100644
c8cd81
--- a/ipatests/prci_definitions/gating.yaml
c8cd81
+++ b/ipatests/prci_definitions/gating.yaml
c8cd81
@@ -309,4 +309,4 @@ jobs:
c8cd81
         test_suite: test_integration/test_subids.py
c8cd81
         template: *ci-ipa-4-10-latest
c8cd81
         timeout: 3600
c8cd81
-        topology: *master_1repl
c8cd81
+        topology: *master_1repl_1client
c8cd81
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
c8cd81
index 24aa6e7cf29e448ba9d838d1cb98169213ea63ef..027b2a5b6c0b7ec3c3b5784ec4569661a06d4ed7 100644
c8cd81
--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
c8cd81
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
c8cd81
@@ -1748,7 +1748,7 @@ jobs:
c8cd81
         test_suite: test_integration/test_subids.py
c8cd81
         template: *ci-ipa-4-10-latest
c8cd81
         timeout: 3600
c8cd81
-        topology: *master_1repl
c8cd81
+        topology: *master_1repl_1client
c8cd81
 
c8cd81
   fedora-latest-ipa-4-10/test_custom_plugins:
c8cd81
     requires: [fedora-latest-ipa-4-10/build]
c8cd81
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
c8cd81
index f22cc08384b3d50e49278d38e73bf93cd7804e80..bcc17bef935666735bfb2c2e51209362a374b511 100644
c8cd81
--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
c8cd81
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
c8cd81
@@ -1887,7 +1887,7 @@ jobs:
c8cd81
         test_suite: test_integration/test_subids.py
c8cd81
         template: *ci-ipa-4-10-latest
c8cd81
         timeout: 3600
c8cd81
-        topology: *master_1repl
c8cd81
+        topology: *master_1repl_1client
c8cd81
 
c8cd81
   fedora-latest-ipa-4-10/test_custom_plugins:
c8cd81
     requires: [fedora-latest-ipa-4-10/build]
c8cd81
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
c8cd81
index df98a66871fd90daaebd83f063e48f1580675049..37d38762e696a6394ef146a0e2b68bbc8ced515d 100644
c8cd81
--- a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
c8cd81
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
c8cd81
@@ -1748,7 +1748,7 @@ jobs:
c8cd81
         test_suite: test_integration/test_subids.py
c8cd81
         template: *ci-ipa-4-10-previous
c8cd81
         timeout: 3600
c8cd81
-        topology: *master_1repl
c8cd81
+        topology: *master_1repl_1client
c8cd81
 
c8cd81
   fedora-previous-ipa-4-10/test_custom_plugins:
c8cd81
     requires: [fedora-previous-ipa-4-10/build]
c8cd81
diff --git a/ipatests/test_integration/test_subids.py b/ipatests/test_integration/test_subids.py
c8cd81
index f6d8607f237bf03358baae008dd2a6ad819751c0..8158499e1a2b71bdc1a308dec0939fd0d491599d 100644
c8cd81
--- a/ipatests/test_integration/test_subids.py
c8cd81
+++ b/ipatests/test_integration/test_subids.py
c8cd81
@@ -17,6 +17,7 @@ from ipatests.test_integration.base import IntegrationTest
c8cd81
 
c8cd81
 class TestSubordinateId(IntegrationTest):
c8cd81
     num_replicas = 0
c8cd81
+    num_clients = 1
c8cd81
     topology = "star"
c8cd81
 
c8cd81
     def _parse_result(self, result):
c8cd81
@@ -268,3 +269,40 @@ class TestSubordinateId(IntegrationTest):
c8cd81
                                           f"--subuid={subuid}"])
c8cd81
         owner = self._parse_result(result)["owner"]
c8cd81
         assert owner == uid
c8cd81
+
c8cd81
+    def test_nsswitch_doesnot_contain_subid_entry(self):
c8cd81
+        """
c8cd81
+        This testcase checks that when ipa-client-install
c8cd81
+        is installed without subid option, the nsswitch.conf
c8cd81
+        does not contain subid entry or does not use sss as
c8cd81
+        source for subid
c8cd81
+        """
c8cd81
+        cmd = self.clients[0].run_command(
c8cd81
+            ["grep", "^subid", "/etc/nsswitch.conf"],
c8cd81
+            raiseonerr=False
c8cd81
+        )
c8cd81
+        # a source is defined for the subid database.
c8cd81
+        # Ensure it is not "sss"
c8cd81
+        if cmd.returncode == 0:
c8cd81
+            assert 'sss' not in cmd.stdout_text
c8cd81
+        else:
c8cd81
+            # grep command returncode 1 means no matching line
c8cd81
+            # was found = no source is defined for the subid database,
c8cd81
+            # which is valid other return codes would
c8cd81
+            # mean an error occurred
c8cd81
+            assert cmd.returncode == 1
c8cd81
+
c8cd81
+    def test_nsswitch_is_updated_with_subid_entry(self):
c8cd81
+        """
c8cd81
+        This test case checks that when ipa-client-install
c8cd81
+        is installed with --subid option, the nsswitch.conf
c8cd81
+        file is modified with the entry 'subid: sss'
c8cd81
+        """
c8cd81
+        tasks.uninstall_client(self.clients[0])
c8cd81
+        tasks.install_client(self.master, self.clients[0],
c8cd81
+                             extra_args=['--subid'])
c8cd81
+        cmd = self.clients[0].run_command(
c8cd81
+            ["grep", "^subid", "/etc/nsswitch.conf"]
c8cd81
+        )
c8cd81
+        subid = cmd.stdout_text.split()
c8cd81
+        assert ['subid:', 'sss'] == subid
c8cd81
-- 
c8cd81
2.37.2
c8cd81