Tests: Add support for IPA IPA Trust
justin-stephenson committed Dec 18, 2024
1 parent 110c4ae commit af145e8
Showing 2 changed files with 77 additions and 2 deletions.
10 changes: 10 additions & 0 deletions src/tests/system/mhc.yaml
Expand Up @@ -69,3 +69,13 @@ domains:
krb5_server: kdc.test
krb5_kpasswd: kdc.test
krb5_realm: TEST

- id: ipa2
hosts:
- hostname: master2.ipa2.test
role: ipa
config:
client:
ipa_domain: ipa2.test
krb5_keytab: /enrollment/ipa2.test.keytab
ldap_krb5_keytab: /enrollment/ipa2.test.keytab
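Review bot: The new `ipa2` domain entry has no comment explaining its role, and both `krb5_keytab` and `ldap_krb5_keytab` point at `/enrollment/ipa2.test.keytab` without saying where that file comes from. A line above `- id: ipa2` such as `# Second IPA domain: trusted peer for the IPA-IPA trust topologies; keytab is provisioned by test enrollment` would make the intent clear. That wording is inferred from the commit title and the new tests, so it should be checked against how the topology is actually set up.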
69 changes: 67 additions & 2 deletions src/tests/system/tests/test_ipa_trusts.py
Expand Up @@ -7,14 +7,15 @@
from __future__ import annotations

import pytest
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.generic import GenericADProvider
from sssd_test_framework.roles.ipa import IPA
from sssd_test_framework.topology import KnownTopologyGroup
from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup


@pytest.mark.importance("low")
@pytest.mark.ticket(jira="RHEL-3925", gh=6942)
@pytest.mark.topology(KnownTopologyGroup.IPATrust)
@pytest.mark.topology(KnownTopologyGroup.IPATrustAD)
def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvider):
"""
:title: Subdomain stays online if IPA group is missing SID
Expand Down Expand Up @@ -60,3 +61,67 @@ def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvid
status = ipa.sssctl.domain_status(trusted.domain, online=True)
assert "online status: offline" not in status.stdout.lower(), "AD domain went offline!"
assert "online status: online" in status.stdout.lower(), "AD domain was not online!"


@pytest.mark.importance("medium")
@pytest.mark.ticket(jira="RHEL-14752")
@pytest.mark.topology(KnownTopologyGroup.AnyIPATrust)
def test_ipa_trusts__ipa_master_lookup_trusted_user(ipa: IPA, trusted: IPA):
"""
:title: Basic IPA-IPA Trust lookup on IPA server
:setup:
1. Restart SSSD and clear cache on IPA server
:steps:
1. Resolve trusted domain admin user
:expectedresults:
1. User is resolved
:customerscenario: True
"""
ipa.sssd.restart(clean=True)

# Resolve user
username = trusted.admin_fqn
id_user = ipa.tools.id(username)

# Resolve group
groupname = trusted.fqn("admins")
getent_group = ipa.tools.getent.group(groupname)

assert id_user is not None, "Trusted admin user not found"
assert id_user.user.name == username, "Username does not match"

assert getent_group is not None
assert getent_group.name == groupname


@pytest.mark.importance("medium")
@pytest.mark.ticket(jira="RHEL-14752")
@pytest.mark.topology(KnownTopology.IPATrustIPA)
def test_ipa_trusts__lookup_trusted_user(client: Client, ipa: IPA, trusted: IPA):
"""
:title: Basic IPA-IPA Trust lookup on IPA client
:setup:
1. Restart SSSD and clear cache on IPA client
:steps:
1. Resolve trusted admin user
2. Resolve group "admins@trusteddomain"
:expectedresults:
1. User is resolved
2. Group is resolved
:customerscenario: True
"""
client.sssd.restart(clean=True)

# Resolve user
username = trusted.admin_fqn
id_user = client.tools.id(username)

# Resolve group
groupname = trusted.fqn("admins")
getent_group = client.tools.getent.group(groupname)

assert id_user is not None, "Trusted admin user not found"
assert id_user.user.name == username, "Username does not match"

assert getent_group is not None
assert getent_group.name == groupname
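Review bot: The docstring of `test_ipa_trusts__ipa_master_lookup_trusted_user` lists one step and one expected result, but the body also resolves the `admins` group and asserts on it, so the test metadata under-reports what is checked. Adding `2. Resolve group "admins@trusteddomain"` under `:steps:` and `2. Group is resolved` under `:expectedresults:`, as `test_ipa_trusts__lookup_trusted_user` already does, would bring the two into line. In both new tests the group assertions carry no failure message, unlike the user assertions; `assert getent_group is not None, "Trusted admins group not found"` and `assert getent_group.name == groupname, "Group name does not match"` would make a trust-resolution failure readable in CI output. Both tests compare names only, so if the goal is to confirm that identities cross the trust correctly, also asserting that the resolved user is a member of the resolved group would be a stronger check, assuming the trusted domain's admin belongs to `admins`.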
