Tests: Basic coverage with tree root domain

Extend existing legacy client tests to cover test cases with tree root domain.

https://fedorahosted.org/freeipa/ticket/6489

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

1 files changed, 90 insertions, 1 deletions

diff --git a/ipatests/test_integration/test_legacy_clients.py b/ipatests/test_integration/test_legacy_clients.py
index 8bd680a56..3f33ac0ea 100644
--- a/ipatests/test_integration/test_legacy_clients.py
+++ b/ipatests/test_integration/test_legacy_clients.py
@@ -58,6 +58,8 @@ class BaseTestLegacyClient(object):
     testuser_gid_regex = None
     subdomain_testuser_uid_regex = None
     subdomain_testuser_gid_regex = None
+    treedomain_testuser_uid_regex = None
+    treedomain_testuser_gid_regex = None
 
     # To allow custom validation dependent on the trust type
     posix_trust = False
@@ -326,6 +328,81 @@ class BaseTestLegacyClient(object):
 
         assert result.returncode != 0
 
+    def test_getent_treedomain_ad_user(self):
+        if not self.ad_treedomain:
+            raise nose.SkipTest('AD tree root domain is not available.')
+
+        self.clear_sssd_caches()
+        testuser = 'treetestuser@{0}'.format(self.ad_treedomain)
+        result = self.legacy_client.run_command(['getent', 'passwd', testuser])
+
+        testuser_regex = ("treetestuser@{0}:\*:{1}:{2}:TreeTest User:"
+                          "/home/{0}/treetestuser:/bin/sh".format(
+                              re.escape(self.ad_treedomain),
+                              self.treedomain_testuser_uid_regex,
+                              self.treedomain_testuser_gid_regex))
+
+        assert re.search(testuser_regex, result.stdout_text)
+
+    def test_getent_treedomain_ad_group(self):
+        if not self.ad_treedomain:
+            raise nose.SkipTest('AD tree root domain is not available')
+
+        self.clear_sssd_caches()
+        testgroup = 'treetestgroup@{0}'.format(self.ad_treedomain)
+        result = self.legacy_client.run_command(['getent', 'group', testgroup])
+
+        testgroup_stdout = "{0}:\*:{1}:".format(
+                           testgroup, self.treedomain_testuser_gid_regex)
+
+        assert re.search(testgroup_stdout, result.stdout_text)
+
+    def test_id_treedomain_ad_user(self):
+        if not self.ad_treedomain:
+            raise nose.SkipTest('AD tree root domain is not available')
+
+        self.clear_sssd_caches()
+
+        testuser = 'treetestuser@{0}'.format(self.ad_treedomain)
+        testgroup = 'treetestgroup@{0}'.format(self.ad_treedomain)
+
+        result = self.legacy_client.run_command(['id', testuser])
+
+        # Only for POSIX trust testing does the testuser belong to the
+        # testgroup
+
+        group_name = '\({}\)'.format(testgroup) if self.posix_trust else ''
+
+        uid_regex = "uid={0}\({1}\)".format(
+                    self.treedomain_testuser_uid_regex, testuser)
+
+        gid_regex = "gid={0}{1}".format(
+                    self.treedomain_testuser_gid_regex, group_name)
+
+        group_regex = "groups={0}{1}".format(
+                      self.treedomain_testuser_gid_regex, group_name)
+
+        assert re.search(uid_regex, result.stdout_text)
+        assert re.search(gid_regex, result.stdout_text)
+        assert re.search(group_regex, result.stdout_text)
+
+    def test_login_treedomain_ad_user(self):
+        if not self.ad_treedomain:
+            raise nose.SkipTest('AD tree root domain is not available.')
+
+        if not self.master.transport.file_exists('/usr/bin/sshpass'):
+            raise nose.SkipTest('Package sshpass not available on {}'.format(
+                                self.master.hostname))
+
+        result = self.master.run_command(
+            'sshpass -p {0} ssh -o StrictHostKeyChecking=no '
+            '-l admin {1} "echo test"'.format(
+                self.legacy_client.config.admin_password,
+                self.legacy_client.external_hostname))
+
+        assert "test" in result.stdout_text
+
+
     @classmethod
     def install(cls, mh):
         super(BaseTestLegacyClient, cls).install(mh)
@@ -354,10 +431,18 @@ class BaseTestLegacyClient(object):
         try:
             child_ad = cls.host_by_role(cls.optional_extra_roles[0])
             cls.ad_subdomain = '.'.join(
-                                   child_ad.hostname.split('.')[1:])
+                child_ad.hostname.split('.')[1:])
         except LookupError:
             cls.ad_subdomain = None
 
+        # Determine whether the tree domain AD is available
+        try:
+            cls.tree_ad = cls.host_by_role(cls.optional_extra_roles[1])
+            cls.ad_treedomain = '.'.join(
+                cls.tree_ad.hostname.split('.')[1:])
+        except LookupError:
+            cls.ad_treedomain = None
+
         tasks.apply_common_fixes(cls.legacy_client)
 
         for f in cls.backup_files:
@@ -418,6 +503,8 @@ class BaseTestLegacyClientPosix(BaseTestLegacyClient,
     testuser_gid_regex = '10047'
     subdomain_testuser_uid_regex = '10142'
     subdomain_testuser_gid_regex = '10147'
+    treedomain_testuser_uid_regex = '10242'
+    treedomain_testuser_gid_regex = '10247'
     posix_trust = True
 
     def test_remove_trust_with_posix_attributes(self):
@@ -431,6 +518,8 @@ class BaseTestLegacyClientNonPosix(BaseTestLegacyClient,
     testuser_gid_regex = '(?!10047)(\d+)'
     subdomain_testuser_uid_regex = '(?!10142)(\d+)'
     subdomain_testuser_gid_regex = '(?!10147)(\d+)'
+    treedomain_testuser_uid_regex = '(?!10242)(\d+)'
+    treedomain_testuser_gid_regex = '(?!10247)(\d+)'
 
     def test_remove_nonposix_trust(self):
         pass