|
 |
e0e1b7 |
From 6b70e3c49acc55b5553101cf850fc40978861979 Mon Sep 17 00:00:00 2001
|
|
|
e0e1b7 |
From: Anuja More <amore@redhat.com>
|
|
|
e0e1b7 |
Date: Mon, 17 Jan 2022 16:57:52 +0530
|
|
|
e0e1b7 |
Subject: [PATCH] ipatests: Tests for Autoprivate group.
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
Added tests using posix AD trust and non posix AD trust.
|
|
|
e0e1b7 |
For option --auto-private-groups=[hybrid/true/false]
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
Related : https://pagure.io/freeipa/issue/8807
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
Signed-off-by: Anuja More <amore@redhat.com>
|
|
|
e0e1b7 |
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
e0e1b7 |
Reviewed-By: Anuja More <amore@redhat.com>
|
|
|
e0e1b7 |
---
|
|
|
e0e1b7 |
.../nightly_ipa-4-9_latest.yaml | 2 +-
|
|
|
e0e1b7 |
.../nightly_ipa-4-9_latest_selinux.yaml | 2 +-
|
|
|
e0e1b7 |
.../nightly_ipa-4-9_previous.yaml | 2 +-
|
|
|
e0e1b7 |
ipatests/test_integration/test_trust.py | 242 +++++++++++++++++-
|
|
|
e0e1b7 |
4 files changed, 240 insertions(+), 8 deletions(-)
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml
|
|
|
e0e1b7 |
index 6817421b2..8b1f58c4d 100644
|
|
|
e0e1b7 |
--- a/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml
|
|
|
e0e1b7 |
+++ b/ipatests/prci_definitions/nightly_ipa-4-9_latest.yaml
|
|
|
e0e1b7 |
@@ -1627,7 +1627,7 @@ jobs:
|
|
|
e0e1b7 |
build_url: '{fedora-latest-ipa-4-9/build_url}'
|
|
|
e0e1b7 |
test_suite: test_integration/test_trust.py
|
|
|
e0e1b7 |
template: *ci-ipa-4-9-latest
|
|
|
e0e1b7 |
- timeout: 9000
|
|
|
e0e1b7 |
+ timeout: 10000
|
|
|
e0e1b7 |
topology: *adroot_adchild_adtree_master_1client
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
fedora-latest-ipa-4-9/test_backup_and_restore_TestBackupAndRestoreTrust:
|
|
|
e0e1b7 |
diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml
|
|
|
e0e1b7 |
index 817329756..a11376ab8 100644
|
|
|
e0e1b7 |
--- a/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml
|
|
|
e0e1b7 |
+++ b/ipatests/prci_definitions/nightly_ipa-4-9_latest_selinux.yaml
|
|
|
e0e1b7 |
@@ -1743,7 +1743,7 @@ jobs:
|
|
|
e0e1b7 |
selinux_enforcing: True
|
|
|
e0e1b7 |
test_suite: test_integration/test_trust.py
|
|
|
e0e1b7 |
template: *ci-ipa-4-9-latest
|
|
|
e0e1b7 |
- timeout: 9000
|
|
|
e0e1b7 |
+ timeout: 10000
|
|
|
e0e1b7 |
topology: *adroot_adchild_adtree_master_1client
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
fedora-latest-ipa-4-9/test_backup_and_restore_TestBackupAndRestoreTrust:
|
|
|
e0e1b7 |
diff --git a/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml
|
|
|
e0e1b7 |
index 4196265c7..3f8ce8b76 100644
|
|
|
e0e1b7 |
--- a/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml
|
|
|
e0e1b7 |
+++ b/ipatests/prci_definitions/nightly_ipa-4-9_previous.yaml
|
|
|
e0e1b7 |
@@ -1627,7 +1627,7 @@ jobs:
|
|
|
e0e1b7 |
build_url: '{fedora-previous-ipa-4-9/build_url}'
|
|
|
e0e1b7 |
test_suite: test_integration/test_trust.py
|
|
|
e0e1b7 |
template: *ci-ipa-4-9-previous
|
|
|
e0e1b7 |
- timeout: 9000
|
|
|
e0e1b7 |
+ timeout: 10000
|
|
|
e0e1b7 |
topology: *adroot_adchild_adtree_master_1client
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
fedora-previous-ipa-4-9/test_backup_and_restore_TestBackupAndRestoreTrust:
|
|
|
e0e1b7 |
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
|
|
|
e0e1b7 |
index 0634badbb..ff2dd9cc8 100644
|
|
|
e0e1b7 |
--- a/ipatests/test_integration/test_trust.py
|
|
|
e0e1b7 |
+++ b/ipatests/test_integration/test_trust.py
|
|
|
e0e1b7 |
@@ -62,11 +62,12 @@ class BaseTestTrust(IntegrationTest):
|
|
|
e0e1b7 |
cls.check_sid_generation()
|
|
|
e0e1b7 |
tasks.sync_time(cls.master, cls.ad)
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
- cls.child_ad = cls.ad_subdomains[0]
|
|
|
e0e1b7 |
- cls.ad_subdomain = cls.child_ad.domain.name
|
|
|
e0e1b7 |
- cls.tree_ad = cls.ad_treedomains[0]
|
|
|
e0e1b7 |
- cls.ad_treedomain = cls.tree_ad.domain.name
|
|
|
e0e1b7 |
-
|
|
|
e0e1b7 |
+ if cls.num_ad_subdomains > 0:
|
|
|
e0e1b7 |
+ cls.child_ad = cls.ad_subdomains[0]
|
|
|
e0e1b7 |
+ cls.ad_subdomain = cls.child_ad.domain.name
|
|
|
e0e1b7 |
+ if cls.num_ad_treedomains > 0:
|
|
|
e0e1b7 |
+ cls.tree_ad = cls.ad_treedomains[0]
|
|
|
e0e1b7 |
+ cls.ad_treedomain = cls.tree_ad.domain.name
|
|
|
e0e1b7 |
# values used in workaround for
|
|
|
e0e1b7 |
# https://bugzilla.redhat.com/show_bug.cgi?id=1711958
|
|
|
e0e1b7 |
cls.srv_gc_record_name = \
|
|
|
e0e1b7 |
@@ -106,6 +107,63 @@ class BaseTestTrust(IntegrationTest):
|
|
|
e0e1b7 |
expected_text = 'iparangetype: %s\n' % expected_type
|
|
|
e0e1b7 |
assert expected_text in result.stdout_text
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
+ def mod_idrange_auto_private_group(
|
|
|
e0e1b7 |
+ self, option='false'
|
|
|
e0e1b7 |
+ ):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Set the auto-private-group option of the default trusted
|
|
|
e0e1b7 |
+ AD domain range.
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ tasks.kinit_admin(self.master)
|
|
|
e0e1b7 |
+ rangename = self.ad_domain.upper() + '_id_range'
|
|
|
e0e1b7 |
+ error_msg = "ipa: ERROR: no modifications to be performed"
|
|
|
e0e1b7 |
+ cmd = ["ipa", "idrange-mod", rangename,
|
|
|
e0e1b7 |
+ "--auto-private-groups", option]
|
|
|
e0e1b7 |
+ result = self.master.run_command(cmd, raiseonerr=False)
|
|
|
e0e1b7 |
+ if result.returncode != 0:
|
|
|
e0e1b7 |
+ tasks.assert_error(result, error_msg)
|
|
|
e0e1b7 |
+ tasks.clear_sssd_cache(self.master)
|
|
|
e0e1b7 |
+ tasks.clear_sssd_cache(self.clients[0])
|
|
|
e0e1b7 |
+ test = self.master.run_command(["ipa", "idrange-show", rangename])
|
|
|
e0e1b7 |
+ assert "Auto private groups: {0}".format(option) in test.stdout_text
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ def get_user_id(self, host, username):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ User uid gid is parsed from the output of id user command.
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ tasks.clear_sssd_cache(self.master)
|
|
|
e0e1b7 |
+ tasks.clear_sssd_cache(self.clients[0])
|
|
|
e0e1b7 |
+ self.master.run_command(["id", username])
|
|
|
e0e1b7 |
+ test_id = host.run_command(["id", username])
|
|
|
e0e1b7 |
+ regex = r"^uid=(?P<uid>\d+).*gid=(?P<gid>\d+).*groups=(?P<groups>\d+)"
|
|
|
e0e1b7 |
+ match = re.match(regex, test_id.stdout_text)
|
|
|
e0e1b7 |
+ uid = match.group('uid')
|
|
|
e0e1b7 |
+ gid = match.group('gid')
|
|
|
e0e1b7 |
+ return uid, gid
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ @contextmanager
|
|
|
e0e1b7 |
+ def set_idoverrideuser(self, user, uid, gid):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Fixture to add/remove idoverrideuser for default idview,
|
|
|
e0e1b7 |
+ also creates idm group with the provided gid because
|
|
|
e0e1b7 |
+ gid overrides requires an existing group.
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ tasks.clear_sssd_cache(self.master)
|
|
|
e0e1b7 |
+ tasks.clear_sssd_cache(self.clients[0])
|
|
|
e0e1b7 |
+ tasks.kinit_admin(self.master)
|
|
|
e0e1b7 |
+ try:
|
|
|
e0e1b7 |
+ args = ["ipa", "idoverrideuser-add", "Default Trust View",
|
|
|
e0e1b7 |
+ "--gid", gid, "--uid", uid, user]
|
|
|
e0e1b7 |
+ self.master.run_command(args)
|
|
|
e0e1b7 |
+ tasks.group_add(self.master, "idgroup",
|
|
|
e0e1b7 |
+ extra_args=["--gid", gid])
|
|
|
e0e1b7 |
+ yield
|
|
|
e0e1b7 |
+ finally:
|
|
|
e0e1b7 |
+ self.master.run_command([
|
|
|
e0e1b7 |
+ "ipa", "idoverrideuser-del", "Default Trust View", user]
|
|
|
e0e1b7 |
+ )
|
|
|
e0e1b7 |
+ self.master.run_command(["ipa", "group-del", "idgroup"])
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
def remove_trust(self, ad):
|
|
|
e0e1b7 |
tasks.remove_trust_with_ad(self.master,
|
|
|
e0e1b7 |
ad.domain.name, ad.hostname)
|
|
|
e0e1b7 |
@@ -993,3 +1051,177 @@ class TestTrust(BaseTestTrust):
|
|
|
e0e1b7 |
self.master.run_command(['rm', '-f', ad_zone_file])
|
|
|
e0e1b7 |
tasks.configure_dns_for_trust(self.master, self.ad)
|
|
|
e0e1b7 |
self.remove_trust(self.ad)
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+class TestNonPosixAutoPrivateGroup(BaseTestTrust):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Tests for auto-private-groups option with non posix AD trust
|
|
|
e0e1b7 |
+ Related : https://pagure.io/freeipa/issue/8807
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ topology = 'line'
|
|
|
e0e1b7 |
+ num_ad_domains = 1
|
|
|
e0e1b7 |
+ num_clients = 1
|
|
|
e0e1b7 |
+ num_ad_subdomains = 0
|
|
|
e0e1b7 |
+ num_ad_treedomains = 0
|
|
|
e0e1b7 |
+ uid_override = "99999999"
|
|
|
e0e1b7 |
+ gid_override = "78878787"
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ def test_add_nonposix_trust(self):
|
|
|
e0e1b7 |
+ tasks.configure_dns_for_trust(self.master, self.ad)
|
|
|
e0e1b7 |
+ tasks.establish_trust_with_ad(
|
|
|
e0e1b7 |
+ self.master, self.ad_domain,
|
|
|
e0e1b7 |
+ extra_args=['--range-type', 'ipa-ad-trust'])
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ @pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
|
|
|
e0e1b7 |
+ def test_auto_private_groups_default_trusted_range(self, type):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Modify existing range for default trusted AD domain range
|
|
|
e0e1b7 |
+ with auto-private-groups set as true/hybrid/false and test
|
|
|
e0e1b7 |
+ user with no posix attributes.
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ self.mod_idrange_auto_private_group(type)
|
|
|
e0e1b7 |
+ nonposixuser = "nonposixuser@%s" % self.ad_domain
|
|
|
e0e1b7 |
+ (uid, gid) = self.get_user_id(self.clients[0], nonposixuser)
|
|
|
e0e1b7 |
+ if type == "true":
|
|
|
e0e1b7 |
+ assert uid == gid
|
|
|
e0e1b7 |
+ else:
|
|
|
e0e1b7 |
+ test_group = self.clients[0].run_command(["id", nonposixuser])
|
|
|
e0e1b7 |
+ gid_str = "gid={0}(domain users@{1})".format(gid, self.ad_domain)
|
|
|
e0e1b7 |
+ grp_str = "groups={0}(domain users@{1})".format(gid,
|
|
|
e0e1b7 |
+ self.ad_domain)
|
|
|
e0e1b7 |
+ assert gid_str in test_group.stdout_text
|
|
|
e0e1b7 |
+ assert grp_str in test_group.stdout_text
|
|
|
e0e1b7 |
+ assert uid != gid
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ @pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
|
|
|
e0e1b7 |
+ def test_idoverride_with_auto_private_group(self, type):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Override ad trusted user in default trust view
|
|
|
e0e1b7 |
+ and set auto-private-groups=[hybrid,true,false]
|
|
|
e0e1b7 |
+ and ensure that overridden values takes effect.
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ nonposixuser = "nonposixuser@%s" % self.ad_domain
|
|
|
e0e1b7 |
+ with self.set_idoverrideuser(nonposixuser,
|
|
|
e0e1b7 |
+ self.uid_override,
|
|
|
e0e1b7 |
+ self.gid_override
|
|
|
e0e1b7 |
+ ):
|
|
|
e0e1b7 |
+ self.mod_idrange_auto_private_group(type)
|
|
|
e0e1b7 |
+ (uid, gid) = self.get_user_id(self.clients[0], nonposixuser)
|
|
|
e0e1b7 |
+ assert (uid == self.uid_override and gid == self.gid_override)
|
|
|
e0e1b7 |
+ test_group = self.clients[0].run_command(
|
|
|
e0e1b7 |
+ ["id", nonposixuser]).stdout_text
|
|
|
e0e1b7 |
+ assert "domain users@{0}".format(self.ad_domain) in test_group
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ @pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
|
|
|
e0e1b7 |
+ def test_nonposixuser_nondefault_primary_group(self, type):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Test for non default primary group.
|
|
|
e0e1b7 |
+ For hybrid/false gid corresponds to the group testgroup1.
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ nonposixuser1 = "nonposixuser1@%s" % self.ad_domain
|
|
|
e0e1b7 |
+ self.mod_idrange_auto_private_group(type)
|
|
|
e0e1b7 |
+ (uid, gid) = self.get_user_id(self.clients[0], nonposixuser1)
|
|
|
e0e1b7 |
+ if type == "true":
|
|
|
e0e1b7 |
+ assert uid == gid
|
|
|
e0e1b7 |
+ else:
|
|
|
e0e1b7 |
+ test_group = self.clients[0].run_command(["id", nonposixuser1])
|
|
|
e0e1b7 |
+ gid_str = "gid={0}(testgroup1@{1})".format(gid, self.ad_domain)
|
|
|
e0e1b7 |
+ group = "groups={0}(testgroup1@{1})".format(gid, self.ad_domain)
|
|
|
e0e1b7 |
+ assert (gid_str in test_group.stdout_text
|
|
|
e0e1b7 |
+ and group in test_group.stdout_text)
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+class TestPosixAutoPrivateGroup(BaseTestTrust):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Tests for auto-private-groups option with posix AD trust
|
|
|
e0e1b7 |
+ Related : https://pagure.io/freeipa/issue/8807
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ topology = 'line'
|
|
|
e0e1b7 |
+ num_ad_domains = 1
|
|
|
e0e1b7 |
+ num_clients = 1
|
|
|
e0e1b7 |
+ num_ad_subdomains = 0
|
|
|
e0e1b7 |
+ num_ad_treedomains = 0
|
|
|
e0e1b7 |
+ uid_override = "99999999"
|
|
|
e0e1b7 |
+ gid_override = "78878787"
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ def test_add_posix_trust(self):
|
|
|
e0e1b7 |
+ tasks.configure_dns_for_trust(self.master, self.ad)
|
|
|
e0e1b7 |
+ tasks.establish_trust_with_ad(
|
|
|
e0e1b7 |
+ self.master, self.ad_domain,
|
|
|
e0e1b7 |
+ extra_args=['--range-type', 'ipa-ad-trust-posix'])
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ @pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
|
|
|
e0e1b7 |
+ def test_gidnumber_not_corresponding_existing_group(self, type):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Test checks that sssd can resolve AD users which
|
|
|
e0e1b7 |
+ contain posix attributes (uidNumber and gidNumber)
|
|
|
e0e1b7 |
+ but there is no group with the corresponding gidNumber.
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ posixuser = "testuser2@%s" % self.ad_domain
|
|
|
e0e1b7 |
+ self.mod_idrange_auto_private_group(type)
|
|
|
e0e1b7 |
+ if type != "true":
|
|
|
e0e1b7 |
+ result = self.clients[0].run_command(['id', posixuser],
|
|
|
e0e1b7 |
+ raiseonerr=False)
|
|
|
e0e1b7 |
+ tasks.assert_error(result, "no such user")
|
|
|
e0e1b7 |
+ else:
|
|
|
e0e1b7 |
+ (uid, gid) = self.get_user_id(self.clients[0], posixuser)
|
|
|
e0e1b7 |
+ assert uid == gid
|
|
|
e0e1b7 |
+ assert uid == '10060'
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ @pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
|
|
|
e0e1b7 |
+ def test_only_uid_number_auto_private_group_default(self, type):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Test checks that posix user with only uidNumber defined
|
|
|
e0e1b7 |
+ and gidNumber not set, auto-private-group
|
|
|
e0e1b7 |
+ is set to false/true/hybrid
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ posixuser = "testuser1@%s" % self.ad_domain
|
|
|
e0e1b7 |
+ self.mod_idrange_auto_private_group(type)
|
|
|
e0e1b7 |
+ if type == "true":
|
|
|
e0e1b7 |
+ (uid, gid) = self.get_user_id(self.clients[0], posixuser)
|
|
|
e0e1b7 |
+ assert uid == gid
|
|
|
e0e1b7 |
+ else:
|
|
|
e0e1b7 |
+ for host in [self.master, self.clients[0]]:
|
|
|
e0e1b7 |
+ result = host.run_command(['id', posixuser], raiseonerr=False)
|
|
|
e0e1b7 |
+ tasks.assert_error(result, "no such user")
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ @pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
|
|
|
e0e1b7 |
+ def test_auto_private_group_primary_group(self, type):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Test checks that AD users which contain posix attributes
|
|
|
e0e1b7 |
+ (uidNumber and gidNumber) and there is primary group
|
|
|
e0e1b7 |
+ with gid number defined.
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ posixuser = "testuser@%s" % self.ad_domain
|
|
|
e0e1b7 |
+ self.mod_idrange_auto_private_group(type)
|
|
|
e0e1b7 |
+ (uid, gid) = self.get_user_id(self.clients[0], posixuser)
|
|
|
e0e1b7 |
+ test_grp = self.clients[0].run_command(["id", posixuser])
|
|
|
e0e1b7 |
+ assert uid == '10042'
|
|
|
e0e1b7 |
+ if type == "true":
|
|
|
e0e1b7 |
+ assert uid == gid
|
|
|
e0e1b7 |
+ groups = "groups=10042(testuser@{0}),10047(testgroup@{1})".format(
|
|
|
e0e1b7 |
+ self.ad_domain, self.ad_domain)
|
|
|
e0e1b7 |
+ assert groups in test_grp.stdout_text
|
|
|
e0e1b7 |
+ else:
|
|
|
e0e1b7 |
+ assert gid == '10047'
|
|
|
e0e1b7 |
+ groups = "10047(testgroup@{0})".format(self.ad_domain)
|
|
|
e0e1b7 |
+ assert groups in test_grp.stdout_text
|
|
|
e0e1b7 |
+
|
|
|
e0e1b7 |
+ @pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
|
|
|
e0e1b7 |
+ def test_idoverride_with_auto_private_group(self, type):
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ Override ad trusted user in default trust view
|
|
|
e0e1b7 |
+ and set auto-private-groups=[hybrid,true,false]
|
|
|
e0e1b7 |
+ and ensure that overridden values takes effect.
|
|
|
e0e1b7 |
+ """
|
|
|
e0e1b7 |
+ posixuser = "testuser@%s" % self.ad_domain
|
|
|
e0e1b7 |
+ with self.set_idoverrideuser(posixuser,
|
|
|
e0e1b7 |
+ self.uid_override,
|
|
|
e0e1b7 |
+ self.gid_override):
|
|
|
e0e1b7 |
+ self.mod_idrange_auto_private_group(type)
|
|
|
e0e1b7 |
+ (uid, gid) = self.get_user_id(self.clients[0], posixuser)
|
|
|
e0e1b7 |
+ assert(uid == self.uid_override
|
|
|
e0e1b7 |
+ and gid == self.gid_override)
|
|
|
e0e1b7 |
+ result = self.clients[0].run_command(['id', posixuser])
|
|
|
e0e1b7 |
+ assert "10047(testgroup@{0})".format(
|
|
|
e0e1b7 |
+ self.ad_domain) in result.stdout_text
|
|
|
e0e1b7 |
--
|
|
|
e0e1b7 |
2.35.1
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
From 84381001d2e114b1f29fe89e16155c040b56b80f Mon Sep 17 00:00:00 2001
|
|
|
e0e1b7 |
From: Anuja More <amore@redhat.com>
|
|
|
e0e1b7 |
Date: Thu, 10 Feb 2022 17:07:45 +0530
|
|
|
e0e1b7 |
Subject: [PATCH] mark xfail for
|
|
|
e0e1b7 |
test_idoverride_with_auto_private_group[hybrid]
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
Related : https://github.com/SSSD/sssd/issues/5989
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
Signed-off-by: Anuja More <amore@redhat.com>
|
|
|
e0e1b7 |
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
e0e1b7 |
Reviewed-By: Anuja More <amore@redhat.com>
|
|
|
e0e1b7 |
---
|
|
|
e0e1b7 |
ipatests/test_integration/test_trust.py | 7 ++++++-
|
|
|
e0e1b7 |
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
|
|
|
e0e1b7 |
index ff2dd9cc8..54bd15462 100644
|
|
|
e0e1b7 |
--- a/ipatests/test_integration/test_trust.py
|
|
|
e0e1b7 |
+++ b/ipatests/test_integration/test_trust.py
|
|
|
e0e1b7 |
@@ -15,6 +15,7 @@ from ipaplatform.paths import paths
|
|
|
e0e1b7 |
from ipatests.test_integration.base import IntegrationTest
|
|
|
e0e1b7 |
from ipatests.pytest_ipa.integration import tasks
|
|
|
e0e1b7 |
from ipatests.pytest_ipa.integration import fips
|
|
|
e0e1b7 |
+from ipatests.util import xfail_context
|
|
|
e0e1b7 |
from ipapython.dn import DN
|
|
|
e0e1b7 |
from collections import namedtuple
|
|
|
e0e1b7 |
from contextlib import contextmanager
|
|
|
e0e1b7 |
@@ -1110,7 +1111,11 @@ class TestNonPosixAutoPrivateGroup(BaseTestTrust):
|
|
|
e0e1b7 |
assert (uid == self.uid_override and gid == self.gid_override)
|
|
|
e0e1b7 |
test_group = self.clients[0].run_command(
|
|
|
e0e1b7 |
["id", nonposixuser]).stdout_text
|
|
|
e0e1b7 |
- assert "domain users@{0}".format(self.ad_domain) in test_group
|
|
|
e0e1b7 |
+ version = tasks.get_sssd_version(self.clients[0])
|
|
|
e0e1b7 |
+ with xfail_context(version <= tasks.parse_version('2.6.3')
|
|
|
e0e1b7 |
+ and type == "hybrid",
|
|
|
e0e1b7 |
+ 'https://github.com/SSSD/sssd/issues/5989'):
|
|
|
e0e1b7 |
+ assert "domain users@{0}".format(self.ad_domain) in test_group
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
@pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
|
|
|
e0e1b7 |
def test_nonposixuser_nondefault_primary_group(self, type):
|
|
|
e0e1b7 |
--
|
|
|
e0e1b7 |
2.35.1
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
From 7ad500e5d3f7d9af81e8a3137158672c6fafb0b4 Mon Sep 17 00:00:00 2001
|
|
|
e0e1b7 |
From: Anuja More <amore@redhat.com>
|
|
|
e0e1b7 |
Date: Thu, 10 Feb 2022 17:29:45 +0530
|
|
|
e0e1b7 |
Subject: [PATCH] Mark xfail
|
|
|
e0e1b7 |
test_gidnumber_not_corresponding_existing_group[true,hybrid]
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
Related : https://github.com/SSSD/sssd/issues/5988
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
Signed-off-by: Anuja More <amore@redhat.com>
|
|
|
e0e1b7 |
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
e0e1b7 |
Reviewed-By: Anuja More <amore@redhat.com>
|
|
|
e0e1b7 |
---
|
|
|
e0e1b7 |
ipatests/test_integration/test_trust.py | 9 ++++++---
|
|
|
e0e1b7 |
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
|
|
|
e0e1b7 |
index 54bd15462..c12837815 100644
|
|
|
e0e1b7 |
--- a/ipatests/test_integration/test_trust.py
|
|
|
e0e1b7 |
+++ b/ipatests/test_integration/test_trust.py
|
|
|
e0e1b7 |
@@ -1169,9 +1169,12 @@ class TestPosixAutoPrivateGroup(BaseTestTrust):
|
|
|
e0e1b7 |
raiseonerr=False)
|
|
|
e0e1b7 |
tasks.assert_error(result, "no such user")
|
|
|
e0e1b7 |
else:
|
|
|
e0e1b7 |
- (uid, gid) = self.get_user_id(self.clients[0], posixuser)
|
|
|
e0e1b7 |
- assert uid == gid
|
|
|
e0e1b7 |
- assert uid == '10060'
|
|
|
e0e1b7 |
+ sssd_version = tasks.get_sssd_version(self.clients[0])
|
|
|
e0e1b7 |
+ with xfail_context(sssd_version <= tasks.parse_version('2.6.3'),
|
|
|
e0e1b7 |
+ 'https://github.com/SSSD/sssd/issues/5988'):
|
|
|
e0e1b7 |
+ (uid, gid) = self.get_user_id(self.clients[0], posixuser)
|
|
|
e0e1b7 |
+ assert uid == gid
|
|
|
e0e1b7 |
+ assert uid == '10060'
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
@pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
|
|
|
e0e1b7 |
def test_only_uid_number_auto_private_group_default(self, type):
|
|
|
e0e1b7 |
--
|
|
|
e0e1b7 |
2.35.1
|
|
|
e0e1b7 |
|