Tests: Test trasformation for netgroup with generic provider

Test trasformation for netgroup with generic provider

src/tests/system/tests/test_netgroups.py

@@ -6,6 +6,8 @@
 
 from __future__ import annotations
 
+import time
+
 import pytest
 from sssd_test_framework.roles.ad import AD
 from sssd_test_framework.roles.client import Client
@@ -241,3 +243,121 @@ def test_netgroup__lookup_nested_groups_with_host_and_domain_values_present(
     result = client.tools.getent.netgroup("nested_group")
     assert result is not None
     assert expected in result.members
+
+
+@pytest.mark.importance("low")
+@pytest.mark.ticket(bz=802207)
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_netgroup__fully_qualified_names(client: Client, provider: GenericProvider):
+    """
+    :title: Netgroups with fully qualified names resolves and contains the members
+    :setup:
+        1. Configure SSSD domain to use fully qualified names
+        2. Create user "user-1"
+        3. A netgroup named "ng-1" is created, "user-1" is added to this netgroup
+    :steps:
+        1. Verify the existence and membership of the netgroup "ng-1"
+    :expectedresults:
+        1. SSSD should return netgroup "ng-1" and members of the netgroup
+    :customerscenario: True
+    """
+    client.sssd.dom("test")["use_fully_qualified_names"] = "true"
+    user = provider.user("user-1").add()
+    provider.netgroup("ng-1").add().add_member(user=user)
+    client.sssd.start()
+
+    result = client.tools.getent.netgroup("ng-1")
+    assert result is not None and result.name == "ng-1", "'ng-1' Netgroup name did not match '{result.name}'"
+    assert len(result.members) == 1, "'ng-1' contains more than 1 member!"
+    assert "(-, user-1)" in result.members, "'ng-1' members did not match the expected ones!"
+
+
+@pytest.mark.importance("low")
+@pytest.mark.ticket(bz=678410)
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_netgroup__entry_negative_timeout(client: Client, provider: GenericProvider):
+    """
+    :title: SSSD should respect entry_negative_timeout value and should not return deleted users after
+            this timeout has expired
+    :setup:
+        1. Create user with password
+        2. Set entry_negative_timeout to 1 second
+    :steps:
+        1. Check user is present and can be used for authentication
+        2. Delete the user
+        3. Ensure user exists in SSSD cache immediately after deletion
+        4. Try ssh authentication for deleted user
+        5. Check after entry_negative_timeout user is no longer present in SSSD cache
+    :expectedresults:
+        1. User can be used for authentication
+        2. User is deleted
+        3. User exists in SSSD cache immediately after deletion
+        4. Fail ssh authentication for deleted user
+        5. After entry_negative_timeout user is no longer present in SSSD cache
+    :customerscenario: True
+    """
+    client.sssd.dom("test")["entry_negative_timeout"] = "1"
+    user = provider.user("user1").add(password="Secret123")
+    client.sssd.start()
+
+    assert client.tools.id(user.name) is not None, "'{user.name}' was not returned!"
+    client.auth.ssh.password("user1", "Secret123")
+
+    user.delete()
+    assert client.tools.id(user.name) is not None, "'{user.name}' was not returned!"
+
+    assert not client.auth.ssh.password("user1", "Secret123"), "Authentication was success!"
+
+    time.sleep(2)
+    assert client.tools.id(user.name) is None, "User is still present in SSSD cache!"
+
+
+@pytest.mark.importance("low")
+@pytest.mark.ticket(bz=645449)
+@pytest.mark.topology(KnownTopology.LDAP)
+@pytest.mark.topology(KnownTopology.AD)
+@pytest.mark.topology(KnownTopology.Samba)
+def test_netgroup__uid_gt_2147483647(client: Client, provider: GenericProvider):
+    """
+    :title: SSSD resolves users and groups with id greater than 2147483647 (Integer.MAX_VALUE)
+    :setup:
+        1. Users are added with large uid values
+        2. Groups are added with large gid values
+    :steps:
+        1. Check that SSSD resolves users and groups
+    :expectedresults:
+        1. Users and groups are resolved
+    :customerscenario: True
+    """
+    if not isinstance(provider, (LDAP, Samba, AD)):
+        raise ValueError("For ipa, 'uid': can be at most 2147483647")
+
+    client.sssd.start()
+
+    for name, uid in [
+        ("bigusera", 2147483646),
+        ("biguserb", 2147483647),
+        ("biguserc", 2147483648),
+        ("biguserd", 2147483649),
+        ("bigusere", 3147483649),
+        ("biguserf", 4147483649),
+    ]:
+        provider.user(name).add(uid=uid, gid=uid, password="Secret123")
+    for name, uid in [
+        ("biggroup1", 2147483646),
+        ("biggroup2", 2147483647),
+        ("biggroup3", 2147483648),
+        ("biggroup4", 2147483649),
+        ("biggroup5", 3147483649),
+        ("biggroup6", 4147483649),
+    ]:
+        provider.group(name).add(gid=uid)
+
+    for username in ["bigusera", "biguserb", "biguserc", "biguserd", "bigusere", "biguserf"]:
+        result = client.tools.getent.passwd(username)
+        assert result is not None, "'{result}' is empty!"
+        assert result.name == username, "User name does not matched!"
+    for grpname in ["biggroup1", "biggroup2", "biggroup3", "biggroup4", "biggroup5", "biggroup6"]:
+        result = client.tools.getent.group(grpname)
+        assert result is not None, "'{result}' is empty!"
+        assert result.name == grpname, "Group name does not matched!"