diff options
author | Fabiano Fidêncio <fidencio@redhat.com> | 2017-06-05 15:06:12 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-06-05 17:21:37 +0200 |
commit | 13205258cc17d3833558244251f5adbc98cf34e5 (patch) | |
tree | 2f36fccd11d9c718cfb0bcdf2a75aa557b0c0bb6 | |
parent | 4c09cd008967c5c0ec358dc658ffc6fc1cef2697 (diff) | |
download | sssd-13205258cc17d3833558244251f5adbc98cf34e5.tar.gz sssd-13205258cc17d3833558244251f5adbc98cf34e5.tar.xz sssd-13205258cc17d3833558244251f5adbc98cf34e5.zip |
INTG_TESTS: Add one more test for filtered out users/groups
The added test is quite simple and basically ensures that when some
shortcut is taken in the cache_req_send() SSSD still filters out the
already cached users/groups.
The real situation the test tries to test is:
- getent passwd 1002
- sleep(2)
- getent passwd 1002
- getent group 2002
- sleep(2)
- getent group 2002
(Considering entry_negative_timeout = 1 in [nss] section of sssd.conf).
Related:
https://pagure.io/SSSD/sssd/issue/3362
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r-- | src/tests/intg/test_ldap.py | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py index ea7393f5a..7ae87a366 100644 --- a/src/tests/intg/test_ldap.py +++ b/src/tests/intg/test_ldap.py @@ -1076,3 +1076,57 @@ def test_nss_filters(ldap_conn, sanity_nss_filter): grp.getgrnam("non_existent_group") with pytest.raises(KeyError): grp.getgrgid(14) + + +@pytest.fixture +def sanity_nss_filter_cached(request, ldap_conn): + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) + ent_list.add_user("user1", 1001, 2001) + ent_list.add_user("user2", 1002, 2002) + ent_list.add_user("user3", 1003, 2003) + + ent_list.add_group_bis("group1", 2001) + ent_list.add_group_bis("group2", 2002) + ent_list.add_group_bis("group3", 2003) + + create_ldap_fixture(request, ldap_conn, ent_list) + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \ + unindent(""" + [nss] + filter_users = user2 + filter_groups = group2 + entry_negative_timeout = 1 + """).format(**locals()) + create_conf_fixture(request, conf) + create_sssd_fixture(request) + return None + + +def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached): + passwd_pattern = expected_list_to_name_dict([ + dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', + dir='/home/user1', shell='/bin/bash'), + dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', + dir='/home/user3', shell='/bin/bash') + ]) + ent.assert_each_passwd_by_name(passwd_pattern) + + # test filtered user + with pytest.raises(KeyError): + pwd.getpwuid(1002) + time.sleep(2) + with pytest.raises(KeyError): + pwd.getpwuid(1002) + + group_pattern = expected_list_to_name_dict([ + dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()), + dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()), + ]) + ent.assert_each_group_by_name(group_pattern) + + # test filtered group + with pytest.raises(KeyError): + grp.getgrgid(2002) + time.sleep(2) + with pytest.raises(KeyError): + grp.getgrgid(2002) |