test_files_provider.py revision 4a9100a588ade253cecb2224b95bd8caa8136109
gecos=
'User for tests from alt files',
"""Start sssd and add teardown for stopping it and removing state""" """Generate sssd.conf and add teardown for removing it""" passwd_files = {passwd_list} group_files = {group_list} enable_files_domain = true enable_files_domain = true enable_files_domain = false If we query SSSD while it's updating its cache, it would return NOTFOUND rather than a result from potentially outdated or incomplete cache. In reality this doesn't hurt because the order of the modules is normally "sss files" so the user lookup would fall back to files. But in tests we use this loop to wait until the canary user who is always there is # There is an issue in nss_wrapper [0] and nss_wrapper always looks into # the files first before using the NSS module. This lets this check fail # because the user is found in the file and hence will be returned # without overridden values. # In order to work this around while there's no fix for nss_wrapper, let's # use the fully-qualified name when looking up the USER1 # There is an issue in nss_wrapper [0] and nss_wrapper always looks into # the files first before using the NSS module. This lets this check fail # because the user is found in the file and hence will be returned # without overridden values. # In order to work this around while there's no fix for nss_wrapper, let's # use the fully-qualified name when looking up the GROUP1 Test that after startup without any additional operations, a user can be resolved through sssd Test that after startup without any additional operations, a user can be resolved through sssd Test that user override works with files domain only Test that user override works with files domain only Test that a nonexistent user cannot be resolved by name Test that a nonexistent user cannot be resolved by UID SSSD currently does not resolve the root user even though it can be resolved through the NSS interface SSSD currently does not resolve the UID 0 even though it can be resolved through the NSS interface Test that removing a user is detected and the user is removed from the sssd database. Similarly, an add should be detected. Do this several times to test retaining the inotify watch for moved and unlinked files. Test that modifying a user shell is detected and the user is modified in the sssd database Test that enumerating all users works with the default configuration. Also test that removing all entries and then enumerating again returns an empty # +1 because the canary is added Test that resolving a user without a shell defined works and returns Test that resolving a user without a homedir defined works and returns Test that resolving a user without a gecos defined works and returns Test that resolving a user without a password defined works and returns Test resolving an incomplete user where the missing field is required to be present in the user record and thus the user shouldn't resolve. We cannot test UID and GID missing because nss_wrapper doesn't even load the malformed passwd file, then. Test that after startup without any additional operations, a group can be resolved through sssd by name Test that after startup without any additional operations, a group can be resolved through sssd by GID Test that a nonexistent group cannot be resolved Test that a nonexistent group cannot be resolved SSSD currently does not resolve the root group even though it can be resolved through the NSS interface SSSD currently does not resolve the group with GID 0 even though it can be resolved through the NSS interface Test that removing a group is detected and the group is removed from the sssd database. Similarly, an add should be detected. Do this several times to test retaining the inotify watch for moved and unlinked files. Test that modifying a group name is detected and the group is modified in the sssd database Test that modifying a group name is detected and the group is modified in the sssd database Test that after startup without any additional operations, a group can be resolved through sssd The reverse is added so that we test cases where a group is added first, then a user for this group is created -- in that case, we need to properly link the group after the user is added. # Test that users are members as per getgrnam # Test that users are members as per initgroups A user is linked with a group Multiple users are linked with a group A group is linked with a user Test that a group with members while the members are not present are added as ghosts. This is also what nss_files does, getgrnam would return group members that do not exist as well. # We checked that the group added has the same members as group12, # so both user1 and user2. Now check that user1 is a member of # group12 and its own primary GID but user2 doesn't exist, it's Test that a group with one member and one ghost. Test that a group with one member and one ghost, adding the group first and then linking the member Test that a user is linked with a group assert 'group_nomem' in groups assert 'group_nomem' in groups # User1 exists, but is not a member of any supplementary group anymore assert 'group_nomem' in groups Test that a user is linked with a group # Add this user and verify it's been added as a member assert 'group_nomem' in groups # Intentionally not including the the last one because Test that returning exactly FILES_REALLOC_CHUNK users (see files_ops.c) works fine to test reallocation logic. Test exact number of users to check for off-by-one errors. Test that returning exactly FILES_REALLOC_CHUNK users (see files_ops.c) works fine to test reallocation logic. Test that returning exactly FILES_REALLOC_CHUNK groups (see files_ops.c) works fine to test reallocation logic. Test exact number of groups to check for off-by-one errors. Test that returning exactly FILES_REALLOC_CHUNK groups (see files_ops.c) works fine to test reallocation logic. Test exact number of groups to check for off-by-one errors. # Files domain autoconfiguration tests Test that if no sssd domain is configured, sssd will add the implicit one Test that implicit_files domain is not started together with proxy to files # Add a user with a different UID than the one in files [
"sss_useradd",
"-u",
"10009",
"-M",
USER1[
"name"]])
Test that if no files domain is configured, sssd will add the implicit one before any explicitly configured domains # Add a user with a different UID than the one in files [
"sss_useradd",
"-u",
"10009",
"-M",
USER1[
"name"]])
# Even though the local domain is the only one configured, # files will be resolved first Test that if no files domain is configured, sssd will add the implicit one before any explicitly configured domains # The local user will not be resolvable through nss_sss now Test that running without sssd.conf implicitly configures one with Test that users and groups can be mirrored from multiple files