From 644678a441b137910faf8dd4cf5bc8e103c3569f Mon Sep 17 00:00:00 2001
From: Justin Stephenson
Date: Thu, 25 Jul 2024 14:50:52 -0400
Subject: [PATCH] Tests: Add support for IPA IPA Trust

---
 src/tests/system/mhc.yaml | 8 +++
 src/tests/system/tests/test_ipa_trusts.py | 60 ++++++++++++++++++++++-
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/src/tests/system/mhc.yaml b/src/tests/system/mhc.yaml
index 2f0428a4e0d..c1454b7c33a 100644
--- a/src/tests/system/mhc.yaml
+++ b/src/tests/system/mhc.yaml
@@ -32,6 +32,14 @@ domains:
 krb5_keytab: /enrollment/ipa.test.keytab
 ldap_krb5_keytab: /enrollment/ipa.test.keytab

+ - hostname: master2.ipa2.test
+ role: ipa
+ config:
+ client:
+ ipa_domain: ipa2.test
+ krb5_keytab: /enrollment/ipa2.test.keytab
+ ldap_krb5_keytab: /enrollment/ipa2.test.keytab
+
 - hostname: dc.ad.test
 role: ad
 os:
diff --git a/src/tests/system/tests/test_ipa_trusts.py b/src/tests/system/tests/test_ipa_trusts.py
index 88de9bdf574..50845f99509 100644
--- a/src/tests/system/tests/test_ipa_trusts.py
+++ b/src/tests/system/tests/test_ipa_trusts.py
@@ -9,12 +9,13 @@
 import pytest
 from sssd_test_framework.roles.generic import GenericADProvider
 from sssd_test_framework.roles.ipa import IPA
-from sssd_test_framework.topology import KnownTopologyGroup
+from sssd_test_framework.roles.client import Client
+from sssd_test_framework.topology import KnownTopologyGroup, KnownTopology


 @pytest.mark.importance("low")
 @pytest.mark.ticket(jira="RHEL-3925", gh=6942)
-@pytest.mark.topology(KnownTopologyGroup.IPATrust)
+@pytest.mark.topology(KnownTopologyGroup.IPATrustAD)
 def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvider):
 """
 :title: Subdomain stays online if IPA group is missing SID
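Review bot: The two added imports in the test_ipa_trusts.py header hunk are out of sorted order: `from sssd_test_framework.roles.client import Client` is placed after `roles.ipa`, and `KnownTopologyGroup, KnownTopology` lists the names in reverse. If the project's lint job runs isort over the system tests this hunk will fail it; the sorted form puts the `roles.client` line before `roles.generic` and reads `from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup`. The body of `test_ipa_trusts__lookup_group_without_sid` continues outside the hunk.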
@@ -60,3 +61,58 @@ def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvid
 status = ipa.sssctl.domain_status(trusted.domain, online=True)
 assert "online status: offline" not in status.stdout.lower(), "AD domain went offline!"
 assert "online status: online" in status.stdout.lower(), "AD domain was not online!"
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopologyGroup.AnyIPATrust)
+def test_ipa_trusts__ipa_server_trusted_user_lookup(ipa: IPA, trusted: IPA):
+ """
+ :title: Basic IPA-IPA Trust lookup on IPA server
+ :setup:
+ 1. Restart SSSD and clear cache on IPA server
+ :steps:
+ 1. Resolve trusted domain admin user
+ :expectedresults:
+ 1. User is resolved
+ :customerscenario: True
+ """
+ ipa.sssd.clear(db=True, memcache=True, logs=True)
+ ipa.sssd.restart()
+
+ # Resolve user
+ username = trusted.admin_fqn()
+
+ id_user = ipa.tools.id(username)
+ assert id_user is not None
+ assert id_user.user.name == username
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.IPATrustIPA)
+def test_ipa_trusts__ipa_client_trusted_user_lookup(client: Client, ipa: IPA, trusted: IPA):
+ """
+ :title: Basic IPA-IPA Trust lookup on IPA client
+ :setup:
+ 1. Restart SSSD and clear cache on IPA client
+ :steps:
+ 1. Resolve trusted admin user
+ 2. Resolve group "admins@trusteddomain"
+ :expectedresults:
+ 1. User is resolved
+ 2. Group is resolved
+ :customerscenario: True
+ """
+ client.sssd.clear(db=True, memcache=True, logs=True)
+ client.sssd.restart()
+
+ # Resolve user
+ username = trusted.admin_fqn()
+
+ id_user = client.tools.id(username)
+ assert id_user is not None
+ assert id_user.user.name == username
+
+ # Resolve group
+ groupname = trusted.fqn("admins")
+
+ getent_group = client.tools.getent.group(groupname)
+ assert getent_group is not None
+ assert getent_group.name == groupname
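Review bot: `test_ipa_trusts__ipa_server_trusted_user_lookup` is marked with `KnownTopologyGroup.AnyIPATrust` but annotates `trusted: IPA`, while its title says "IPA-IPA Trust". If that group also covers the AD-backed trust topologies, as its name and the switch to `IPATrustAD` in the first hunk suggest, `trusted` will not be an `IPA` role on those runs and `admin_fqn()` must exist on every provider the group can supply. Either narrow the marker to `KnownTopology.IPATrustIPA`, as the client test does, or widen the annotation to something like `trusted: IPA | GenericADProvider` and reword the title. The new asserts also carry no failure message, unlike the existing test above them; `assert id_user is not None, f"User {username} was not found!"` would make a failed cross-realm lookup readable in the CI log. Both new tests are separated from the preceding function by a single blank line, which pycodestyle reports as E302.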