8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# integration test for sss_override tool
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Copyright (c) 2015 Red Hat, Inc.
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Author: Pavel Reichl <preichl@redhat.com>
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# This is free software; you can redistribute it and/or modify it
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# under the terms of the GNU General Public License as published by
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# the Free Software Foundation; version 2 only
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# This program is distributed in the hope that it will be useful, but
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# WITHOUT ANY WARRANTY; without even the implied warranty of
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# General Public License for more details.
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# You should have received a copy of the GNU General Public License
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# along with this program. If not, see <http://www.gnu.org/licenses/>.
49dd8ee2834d9477418961dbaffa4a03cfa9fd1eRené Genz # In Python 2.6, the module subprocess does not have the function
49dd8ee2834d9477418961dbaffa4a03cfa9fd1eRené Genz # check_output. This is a fallback implementation.
3569ade3eaf9bf13c522d228019da228de55398aLukas Slebodnik raise ValueError('stdout argument not allowed, it will be '
3569ade3eaf9bf13c522d228019da228de55398aLukas Slebodnik 'overridden.')
3569ade3eaf9bf13c522d228019da228de55398aLukas Slebodnik process = subprocess.Popen(stdout=subprocess.PIPE, *popenargs,
3569ade3eaf9bf13c522d228019da228de55398aLukas Slebodnik raise subprocess.CalledProcessError(retcode, cmd, output=output)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """LDAP server instance fixture"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl request.addfinalizer(lambda: ds_inst.teardown())
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """LDAP server connection fixture"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl request.addfinalizer(lambda: ldap_conn.unbind_s())
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef create_ldap_fixture(request, ldap_conn, ent_list):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """Add LDAP entries and add teardown for removing them"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """Generate sssd.conf and add teardown for removing it"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl request.addfinalizer(lambda: os.unlink(config.CONF_PATH))
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """Start sssd"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """Start sssd and add teardown for stopping it and removing state"""
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bosedef prepare_sssd(request, ldap_conn, use_fully_qualified_names=False,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """Prepare SSSD with defaults"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl domains = LDAP
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl services = nss
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl memcache_timeout = 1
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ldap_auth_disable_tls_never_use_in_production = true
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ldap_schema = rfc2307
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl id_provider = ldap
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl auth_provider = ldap
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl sudo_provider = ldap
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ldap_uri = {ldap_conn.ds_inst.ldap_url}
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ldap_search_base = {ldap_conn.ds_inst.base_dn}
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl use_fully_qualified_names = {use_fully_qualified_names}
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose case_sensitive = {case_sensitive}
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # remove user export file
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Common asserts for users
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are not overriden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl user1 = dict(name='user1', passwd='*', uid=10001, gid=20001,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl user2 = dict(name='user2', passwd='*', uid=10002, gid=20001,
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek user1 = dict(name=name1, passwd='*', uid=10010, gid=20010,
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek user2 = dict(name=name2, passwd='*', uid=10020, gid=20020,
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek ent.assert_passwd_by_name('ov_user1@LDAP', user1)
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek ent.assert_passwd_by_name('ov_user2@LDAP', user2)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Common fixtures for users
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_two_users_and_group(request, ldap_conn):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Add entries
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl create_ldap_fixture(request, ldap_conn, ent_list)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are not overriden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_two_users_and_group_overriden(request, ldap_conn,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user1",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user2@LDAP",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Restart SSSD so the override might take effect
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are overriden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Simple user override
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_simple_user_override(request, ldap_conn, env_two_users_and_group):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user1",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user2@LDAP",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Restart SSSD so the override might take effect
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_simple_user_override(ldap_conn, env_simple_user_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """Test entries are overriden"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Root user override
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_root_user_override(request, ldap_conn, env_two_users_and_group):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are not overriden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user1",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user2",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Restart SSSD so the override might take effect
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_root_user_override(ldap_conn, env_root_user_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """Test entries are not overriden to root"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Override does not have to happen completly, trying to set uid or gid
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # to 0 is simply ignored.
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl dict(name='ov_user1', passwd='*', uid=10001, gid=20001,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # We can create override with name root. This test is just for tracking
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # that this particular behavior won't change.
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl dict(name='root', passwd='*', uid=10020, gid=20020,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Override replaces previous override
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_replace_user_override(request, ldap_conn):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Add entries
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl create_ldap_fixture(request, ldap_conn, ent_list)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are not overriden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl dict(name='user1', passwd='*', uid=10001, gid=20001,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user1",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Restart SSSD so the override might take effect
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are overriden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl dict(name='ov_user1', passwd='*', uid=10010, gid=20010,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Override of override
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user1",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Restart SSSD so the override might take effect
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_replace_user_override(ldap_conn, env_replace_user_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl user = dict(name='ov2_user1', passwd='*', uid=10100, gid=20100,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_passwd_by_name('ov2_user1@LDAP', user)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Override removal
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_remove_user_override(request, ldap_conn,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Drop all overrides
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-del", "user1"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-del", "user2@LDAP"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Avoid hitting memory cache
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_remove_user_override(ldap_conn, env_remove_user_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Test entries are not overriden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_imp_exp_user_override(request, ldap_conn,
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Export overrides
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-export", OVERRIDE_FILENAME])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Drop all overrides
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-del", "user1"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-del", "user2@LDAP"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Avoid hitting memory cache
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are not overridden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Import overrides
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-import",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_imp_exp_user_override(ldap_conn, env_imp_exp_user_override):
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek# Regression test for bug 3179
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židekdef test_imp_exp_user_overrride_noname(ldap_conn,
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "user-add", "user1",
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "user-add", "user2@LDAP",
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Restart SSSD so the override might take effect
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Assert entries are overriden
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Export overrides
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "user-export", OVERRIDE_FILENAME])
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Drop all overrides
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "user-del", "user1"])
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "user-del", "user2@LDAP"])
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Avoid hitting memory cache
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Assert entries are not overridden
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Import overrides
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "user-import",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Override user-show
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_show_user_override(ldap_conn, env_show_user_override):
69f6b919be962b8be78320ffab8607b8d9a0e4c6Lukas Slebodnik out = check_output(['sss_override', 'user-show', 'user1']).decode('utf-8')
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl assert out == "user1@LDAP:ov_user1:10010:20010:Overriden User 1:"\
69f6b919be962b8be78320ffab8607b8d9a0e4c6Lukas Slebodnik out = check_output(['sss_override', 'user-show',
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl assert out == "user2@LDAP:ov_user2:10020:20020:Overriden User 2:"\
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Return error on non-existing user
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ret = subprocess.call(['sss_override', 'user-show', 'nonexisting_user'])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Override user-find
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_find_user_override(ldap_conn, env_find_user_override):
69f6b919be962b8be78320ffab8607b8d9a0e4c6Lukas Slebodnik out = check_output(['sss_override', 'user-find']).decode('utf-8')
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Expected override of users
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl exp_usr_ovrd = ['user1@LDAP:ov_user1:10010:20010:Overriden User 1:'
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl 'user2@LDAP:ov_user2:10020:20020:Overriden User 2:'
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl assert set(out.splitlines()) == set(exp_usr_ovrd)
3569ade3eaf9bf13c522d228019da228de55398aLukas Slebodnik out = check_output(['sss_override', 'user-find', '--domain=LDAP'])
69f6b919be962b8be78320ffab8607b8d9a0e4c6Lukas Slebodnik assert set(out.decode('utf-8').splitlines()) == set(exp_usr_ovrd)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Unexpected parameter is reported
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ret = subprocess.call(['sss_override', 'user-find', 'PARAM'])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Group tests
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Common group asserts
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are overridden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl empty_group = dict(gid=3002, mem=ent.contains_only())
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl group = dict(gid=3001, mem=ent.contains_only("user1", "user2"))
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek ent.assert_group_by_name("ov_group@LDAP", group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("empty_group", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("empty_group@LDAP", empty_group)
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek ent.assert_group_by_name("ov_empty_group", empty_group)
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek ent.assert_group_by_name("ov_empty_group@LDAP", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are not overridden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl empty_group = dict(gid=2002, mem=ent.contains_only())
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl group = dict(gid=2001, mem=ent.contains_only("user1", "user2"))
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("empty_group", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("empty_group@LDAP", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Common fixtures for groups
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Add entries
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl create_ldap_fixture(request, ldap_conn, ent_list)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are not overriden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_group_override(request, ldap_conn, env_group_basic):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-add", "group",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Restart SSSD so the override might take effect
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are overridden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Simple group override
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_simple_group_override(request, ldap_conn, env_group_basic):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-add", "group",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Restart SSSD so the override might take effect
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_simple_group_override(ldap_conn, env_simple_group_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """Test entries are overriden"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Root group override
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_root_group_override(request, ldap_conn, env_group_basic):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-add", "group",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Restart SSSD so the override might take effect
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_root_group_override(ldap_conn, env_root_group_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl """Test entries are overriden"""
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl group = dict(gid=2001, mem=ent.contains_only("user1", "user2"))
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl empty_group = dict(gid=2002, mem=ent.contains_only())
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("ov_group@LDAP", group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("empty_group", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("ov_empty_group", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("empty_group@LDAP", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("ov_empty_group@LDAP", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Replace group override
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_replace_group_override(request, ldap_conn, env_group_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Override of override
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-add", "group",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Restart SSSD so the override might take effect
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_replace_group_override(ldap_conn, env_replace_group_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Test overrides are overridden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl group = dict(gid=4001, mem=ent.contains_only("user1", "user2"))
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl empty_group = dict(gid=4002, mem=ent.contains_only())
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("ov2_group@LDAP", group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("empty_group", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("empty_group@LDAP", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("ov2_empty_group", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent.assert_group_by_name("ov2_empty_group@LDAP", empty_group)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Remove group override
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_remove_group_override(request, ldap_conn, env_group_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Drop all overrides
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-del", "group"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-del", "empty_group@LDAP"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Avoid hitting memory cache
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_remove_group_override(ldap_conn, env_remove_group_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Test overrides were dropped
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Overridde group import/export
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef env_imp_exp_group_override(request, ldap_conn, env_group_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Export overrides
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-export",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Drop all overrides
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-del", "group"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-del", "empty_group@LDAP"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Avoid hitting memory cache
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Import overrides
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "group-import",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_imp_exp_group_override(ldap_conn, env_imp_exp_group_override):
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek# Regression test for bug 3179
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židekdef test_imp_exp_group_override_noname(ldap_conn, env_group_basic):
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Override - do not use -n here)
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "group-add", "group",
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP",
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Restart SSSD so the override might take effect
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Assert entries are overridden
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Export overrides
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "group-export",
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Drop all overrides
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "group-del", "group"])
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "group-del", "empty_group@LDAP"])
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Avoid hitting memory cache
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek # Import overrides
1c72723cde8bea0d390b928c7cd29e48e7a7deabMichal Židek subprocess.check_call(["sss_override", "group-import",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Regression test for bug #2802
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# sss_override segfaults when accidentally adding --help flag to some commands
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_regr_2802_override(ldap_conn, env_regr_2802_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-del", "--help"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Regression test for bug #2757
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# sss_override does not work correctly when 'use_fully_qualified_names = True'
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl prepare_sssd(request, ldap_conn, use_fully_qualified_names=True)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Add entries
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl create_ldap_fixture(request, ldap_conn, ent_list)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are not overridden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl 'user1@LDAP',
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl dict(name='user1@LDAP', passwd='*', uid=10001, gid=20001))
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user1@LDAP",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_regr_2757_override(ldap_conn, env_regr_2757_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are overridden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl 'user1@LDAP',
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl dict(name='alias1@LDAP', passwd='*', uid=10001, gid=20001))
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl 'alias1@LDAP',
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl dict(name='alias1@LDAP', passwd='*', uid=10001, gid=20001))
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# Regression test for bug #2790
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl# sss_override --name doesn't work with RFC2307 and ghost users
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Add entries
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl create_ldap_fixture(request, ldap_conn, ent_list)
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are not overridden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user1",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl subprocess.check_call(["sss_override", "user-add", "user2",
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichldef test_regr_2790_override(ldap_conn, env_regr_2790_override):
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl # Assert entries are overridden
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl (res, errno, grp_list) = sssd_id.get_user_groups("alias1")
de19c0af27f1576c13bef183600136851baf767dLukas Slebodnik assert sorted(grp_list) == sorted(["20001", "group1"])
8d1dcb6af723f2968410c4b088d06d63d02b4feaPavel Reichl (res, errno, grp_list) = sssd_id.get_user_groups("alias2")
de19c0af27f1576c13bef183600136851baf767dLukas Slebodnik assert sorted(grp_list) == sorted(["20002", "group1", "group2"])
a949dfb6b03c70896e6ab3c7a10781e8ecbaadc2Lukas Slebodnik# Test fully qualified and case-insensitive names
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bosedef env_mix_cased_name_override(request, ldap_conn):
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose """Setup test for mixed case names"""
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose # Add entries
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose create_ldap_fixture(request, ldap_conn, ent_list)
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose subprocess.check_call(["sss_override", "user-add", "user1@LDAP",
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose subprocess.check_call(["sss_override", "user-add", "user2@LDAP",
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bosedef test_mix_cased_name_override(ldap_conn, env_mix_cased_name_override):
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose """Test if names with upper and lower case letter are overridden"""
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose # Assert entries are overridden
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose user1 = dict(name='ov_user1@LDAP', passwd='*', uid=10010, gid=20010,
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose user2 = dict(name='ov_user2@LDAP', passwd='*', uid=10020, gid=20020,
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose ent.assert_passwd_by_name('ov_user1@LDAP', user1)
32dd0dd34193a7566d83adf6845f5194decc3304Sumit Bose ent.assert_passwd_by_name('ov_user2@LDAP', user2)