diff options
Diffstat (limited to 'ipatests')
-rw-r--r-- | ipatests/test_integration/test_netgroup.py | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/ipatests/test_integration/test_netgroup.py b/ipatests/test_integration/test_netgroup.py new file mode 100644 index 000000000..45f2f3f15 --- /dev/null +++ b/ipatests/test_integration/test_netgroup.py @@ -0,0 +1,169 @@ +# +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +# + +import pytest + +from ipatests.test_integration.base import IntegrationTest +from ipatests.test_integration.tasks import clear_sssd_cache + + +test_data = [] +for i in range(3): + data = { + 'user': { + 'login': 'testuser_{}'.format(i), + 'first': 'Test_{}'.format(i), + 'last': 'User_{}'.format(i), + }, + 'netgroup': 'testgroup_{}'.format(i), + 'nested_netgroup': 'testgroup_{}'.format(i-1) if i > 0 else None + } + test_data.append(data) + members = [d['user']['login'] for d in test_data] + test_data[-1]['netgroup_nested_members'] = members + + +@pytest.fixture() +def three_netgroups(request): + """Prepare basic netgroups with users""" + + for d in test_data: + request.cls.master.run_command(['ipa', 'user-add', d['user']['login'], + '--first', d['user']['first'], + '--last', d['user']['last']], + raiseonerr=False) + + request.cls.master.run_command(['ipa', 'netgroup-add', d['netgroup']], + raiseonerr=False) + + user_opt = '--users={u[login]}'.format(u=d['user']) + request.cls.master.run_command(['ipa', 'netgroup-add-member', user_opt, + d['netgroup']], raiseonerr=False) + + def teardown_three_netgroups(): + """Clean basic netgroups with users""" + for d in test_data: + request.cls.master.run_command(['ipa', 'user-del', + d['user']['login']], + raiseonerr=False) + + request.cls.master.run_command(['ipa', 'netgroup-del', + d['netgroup']], + raiseonerr=False) + + request.addfinalizer(teardown_three_netgroups) + + +class TestNetgroups(IntegrationTest): + """ + Test Netgroups + """ + + topology = 'line' + + def check_users_in_netgroups(self): + """Check if users are in groups, no nested things""" + master = self.master + clear_sssd_cache(master) + + for d in test_data: + result = master.run_command(['getent', 'passwd', + d['user']['login']], raiseonerr=False) + assert result.returncode == 0 + + user = '{u[first]} {u[last]}'.format(u=d['user']) + assert user in result.stdout_text + + result = master.run_command(['getent', 'netgroup', + d['netgroup']], raiseonerr=False) + assert result.returncode == 0 + + netgroup = '(-,{},{})'.format(d['user']['login'], + self.master.domain.name) + assert netgroup in result.stdout_text + + def check_nested_netgroup_hierarchy(self): + """Check if nested netgroups hierarchy is complete""" + master = self.master + clear_sssd_cache(master) + + for d in test_data: + result = master.run_command(['getent', 'netgroup', d['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + + for member in d['netgroup_nested_members']: + if not member: + continue + + netgroup = '(-,{},{})'.format(member, self.master.domain.name) + assert netgroup in result.stdout_text + + def prepare_nested_netgroup_hierarchy(self): + """Prepares nested netgroup hierarchy from basic netgroups""" + for d in test_data: + if not d['nested_netgroup']: + continue + + netgroups_opt = '--netgroups={}'.format(d['nested_netgroup']) + self.master.run_command(['ipa', 'netgroup-add-member', + netgroups_opt, d['netgroup']]) + + def test_add_nested_netgroup(self, three_netgroups): + """Test of adding nested groups""" + self.check_users_in_netgroups() + self.prepare_nested_netgroup_hierarchy() + self.check_nested_netgroup_hierarchy() + + def test_remove_nested_netgroup(self, three_netgroups): + """Test of removing nested groups""" + master = self.master + + trinity = ['(-,{},{})'.format(d['user']['login'], + self.master.domain.name) + for d in test_data] + + self.check_users_in_netgroups() + self.prepare_nested_netgroup_hierarchy() + self.check_nested_netgroup_hierarchy() + + # Removing of testgroup_1 from testgroup_2 + netgroups_opt = '--netgroups={n[netgroup]}'.format(n=test_data[0]) + result = self.master.run_command(['ipa', 'netgroup-remove-member', + netgroups_opt, + test_data[1]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + clear_sssd_cache(master) + + result = master.run_command(['getent', 'netgroup', + test_data[1]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + assert trinity[1] in result.stdout_text + + result = master.run_command(['getent', 'netgroup', + test_data[2]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + assert trinity[0] not in result.stdout_text + assert trinity[1] in result.stdout_text + assert trinity[2] in result.stdout_text + + # Removing of testgroup_2 from testgroup_3 + netgroups_opt = '--netgroups={n[netgroup]}'.format(n=test_data[1]) + result = self.master.run_command(['ipa', 'netgroup-remove-member', + netgroups_opt, + test_data[2]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + clear_sssd_cache(master) + + result = master.run_command(['getent', 'netgroup', + test_data[2]['netgroup']], + raiseonerr=False) + assert result.returncode == 0 + assert trinity[0] not in result.stdout_text + assert trinity[1] not in result.stdout_text + assert trinity[2] in result.stdout_text |