Tests: Add support for IPA IPA Trust
justin-stephenson committed Aug 8, 2024
1 parent ec7a80f commit d92d5a9
Showing 2 changed files with 72 additions and 2 deletions.
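--- a/src/tests/system/mhc.yaml
+++ b/src/tests/system/mhc.yaml
@@ -44,6 +44,18 @@ domains:
 krb5_keytab: /enrollment/ipa.test.keytab
 ldap_krb5_keytab: /enrollment/ipa.test.keytab
 
+- hostname: master2.ipa2.test
+role: ipa
+conn:
+type: podman
+container: ipa
+sudo: True
+config:
+client:
+ipa_domain: ipa2.test
+krb5_keytab: /enrollment/ipa2.test.keytab
+ldap_krb5_keytab: /enrollment/ipa2.test.keytab
+
 - hostname: dc.ad.test
 role: ad
 os: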
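Review bot: The new `master2.ipa2.test` host sets `container: ipa`, although its hostname, `ipa_domain` and keytab paths all refer to ipa2. If the existing IPA host entry above this hunk (not visible here) also connects to the podman container `ipa`, both roles would run their commands in the same container and the IPA-IPA trust tests would never reach a second realm. Please confirm the intended container name, which is probably `container: ipa2`. The enclosing `domains:` list starts and continues outside the hunk.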
62 changes: 60 additions & 2 deletions src/tests/system/tests/test_ipa_trusts.py
Expand Up @@ -7,14 +7,15 @@
from __future__ import annotations

import pytest
from sssd_test_framework.roles.client import Client
from sssd_test_framework.roles.generic import GenericADProvider
from sssd_test_framework.roles.ipa import IPA
from sssd_test_framework.topology import KnownTopologyGroup
from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup


@pytest.mark.importance("low")
@pytest.mark.ticket(jira="RHEL-3925", gh=6942)
@pytest.mark.topology(KnownTopologyGroup.IPATrust)
@pytest.mark.topology(KnownTopologyGroup.IPATrustAD)
def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvider):
"""
:title: Subdomain stays online if IPA group is missing SID
Expand Down Expand Up @@ -60,3 +61,60 @@ def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvid
status = ipa.sssctl.domain_status(trusted.domain, online=True)
assert "online status: offline" not in status.stdout.lower(), "AD domain went offline!"
assert "online status: online" in status.stdout.lower(), "AD domain was not online!"


@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopologyGroup.AnyIPATrust)
def test_ipa_trusts__ipa_master_lookup_trusted_user(ipa: IPA, trusted: IPA):
"""
:title: Basic IPA-IPA Trust lookup on IPA server
:setup:
1. Restart SSSD and clear cache on IPA server
:steps:
1. Resolve trusted domain admin user
:expectedresults:
1. User is resolved
:customerscenario: True
"""
ipa.sssd.clear(db=True, memcache=True, logs=True)
ipa.sssd.restart()

# Resolve user
username = trusted.admin_fqn()

id_user = ipa.tools.id(username)
assert id_user is not None
assert id_user.user.name == username


@pytest.mark.importance("low")
@pytest.mark.topology(KnownTopology.IPATrustIPA)
def test_ipa_trusts__lookup_trusted_user(client: Client, ipa: IPA, trusted: IPA):
"""
:title: Basic IPA-IPA Trust lookup on IPA client
:setup:
1. Restart SSSD and clear cache on IPA client
:steps:
1. Resolve trusted admin user
2. Resolve group "admins@trusteddomain"
:expectedresults:
1. User is resolved
2. Group is resolved
:customerscenario: True
"""
client.sssd.clear(db=True, memcache=True, logs=True)
client.sssd.restart()

# Resolve user
username = trusted.admin_fqn()

id_user = client.tools.id(username)
assert id_user is not None
assert id_user.user.name == username

# Resolve group
groupname = trusted.fqn("admins")

getent_group = client.tools.getent.group(groupname)
assert getent_group is not None
assert getent_group.name == groupname
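Review bot: `test_ipa_trusts__ipa_master_lookup_trusted_user` is marked `KnownTopologyGroup.AnyIPATrust`, but its fixture is annotated `trusted: IPA` and its title says IPA-IPA. If that group also covers the AD trust topology (its definition is not on this page), `trusted` would be a `GenericADProvider` there, so either widen the annotation and title or mark the test `KnownTopology.IPATrustIPA` as the client test does. The new assertions also carry no failure message, unlike the existing test above them; something like `assert id_user is not None, f"User {username} was not found!"` would make a broken trust easier to diagnose. Both tests check only that the returned name matches, so a trusted principal that resolves with wrong IDs or memberships would still pass. Consider asserting at least one stable attribute beyond the name.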
