From d9f952d706e27abe1cd4d1842c66e4cebf4cf22b Mon Sep 17 00:00:00 2001
From: Justin Stephenson
Date: Thu, 25 Jul 2024 14:50:52 -0400
Subject: [PATCH] Tests: Add support for IPA IPA Trust

---
 src/tests/system/mhc.yaml | 10 ++++
 src/tests/system/tests/test_ipa_trusts.py | 62 ++++++++++++++++++++++-
 2 files changed, 70 insertions(+), 2 deletions(-)

diff --git a/src/tests/system/mhc.yaml b/src/tests/system/mhc.yaml
index 0f93ff2df7e..1abbce72241 100644
--- a/src/tests/system/mhc.yaml
+++ b/src/tests/system/mhc.yaml
@@ -69,3 +69,13 @@ domains:
 krb5_server: kdc.test
 krb5_kpasswd: kdc.test
 krb5_realm: TEST
+
+- id: ipa2
+ hosts:
+ - hostname: master2.ipa2.test
+ role: ipa
+ config:
+ client:
+ ipa_domain: ipa2.test
+ krb5_keytab: /enrollment/ipa2.test.keytab
+ ldap_krb5_keytab: /enrollment/ipa2.test.keytab
\ No newline at end of file
diff --git a/src/tests/system/tests/test_ipa_trusts.py b/src/tests/system/tests/test_ipa_trusts.py
index 88de9bdf574..437701f7461 100644
--- a/src/tests/system/tests/test_ipa_trusts.py
+++ b/src/tests/system/tests/test_ipa_trusts.py
@@ -7,14 +7,15 @@
 from __future__ import annotations
 
 import pytest
+from sssd_test_framework.roles.client import Client
 from sssd_test_framework.roles.generic import GenericADProvider
 from sssd_test_framework.roles.ipa import IPA
-from sssd_test_framework.topology import KnownTopologyGroup
+from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup
 
 
 @pytest.mark.importance("low")
 @pytest.mark.ticket(jira="RHEL-3925", gh=6942)
-@pytest.mark.topology(KnownTopologyGroup.IPATrust)
+@pytest.mark.topology(KnownTopologyGroup.IPATrustAD)
 def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvider):
 """
 :title: Subdomain stays online if IPA group is missing SID
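Review bot: The new `ipa2` entry leaves mhc.yaml without a trailing newline (the `\ No newline at end of file` marker follows the `ldap_krb5_keytab` line); end the file with a newline so the next appended domain does not show this line as modified. Nothing in the entry says why a second IPA master exists, so a one-line comment above `- id: ipa2`, for example `# Second IPA domain, used as the trusted side in IPA-IPA trust tests`, would help whoever maintains the host list; that purpose is inferred from the commit title and should be confirmed.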
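Review bot: Replacing `KnownTopologyGroup.IPATrust` with `KnownTopologyGroup.IPATrustAD` and importing `KnownTopology` ties this module to a framework release that already carries the renamed group, yet the diffstat lists only two files and no requirements change. If the framework version is pinned anywhere in the tree, it probably needs a matching bump in the same commit, otherwise this module would fail at collection on the marker attribute. The body of `test_ipa_trusts__lookup_group_without_sid` continues outside the hunk.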
@@ -60,3 +61,60 @@ def test_ipa_trusts__lookup_group_without_sid(ipa: IPA, trusted: GenericADProvid
 status = ipa.sssctl.domain_status(trusted.domain, online=True)
 assert "online status: offline" not in status.stdout.lower(), "AD domain went offline!"
 assert "online status: online" in status.stdout.lower(), "AD domain was not online!"
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopologyGroup.AnyIPATrust)
+def test_ipa_trusts__ipa_master_lookup_trusted_user(ipa: IPA, trusted: IPA):
+ """
+ :title: Basic IPA-IPA Trust lookup on IPA server
+ :setup:
+ 1. Restart SSSD and clear cache on IPA server
+ :steps:
+ 1. Resolve trusted domain admin user
+ :expectedresults:
+ 1. User is resolved
+ :customerscenario: True
+ """
+ ipa.sssd.clear(db=True, memcache=True, logs=True)
+ ipa.sssd.restart()
+
+ # Resolve user
+ username = trusted.admin_fqn
+
+ id_user = ipa.tools.id(username)
+ assert id_user is not None
+ assert id_user.user.name == username
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.IPATrustIPA)
+def test_ipa_trusts__lookup_trusted_user(client: Client, ipa: IPA, trusted: IPA):
+ """
+ :title: Basic IPA-IPA Trust lookup on IPA client
+ :setup:
+ 1. Restart SSSD and clear cache on IPA client
+ :steps:
+ 1. Resolve trusted admin user
+ 2. Resolve group "admins@trusteddomain"
+ :expectedresults:
+ 1. User is resolved
+ 2. Group is resolved
+ :customerscenario: True
+ """
+ client.sssd.clear(db=True, memcache=True, logs=True)
+ client.sssd.restart()
+
+ # Resolve user
+ username = trusted.admin_fqn
+
+ id_user = client.tools.id(username)
+ assert id_user is not None
+ assert id_user.user.name == username
+
+ # Resolve group
+ groupname = trusted.fqn("admins")
+
+ getent_group = client.tools.getent.group(groupname)
+ assert getent_group is not None
+ assert getent_group.name == groupname
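Review bot: `test_ipa_trusts__ipa_master_lookup_trusted_user` is marked with `KnownTopologyGroup.AnyIPATrust` but annotates `trusted: IPA` and titles itself "Basic IPA-IPA Trust lookup". If that group also covers the AD trust topology (its name suggests so, but the framework is not visible here), `trusted` is not always an IPA role, so the annotation and title should name the common provider type instead. The bare `assert id_user is not None` and `assert getent_group is not None` checks in both new tests fail without context, unlike the existing assertions in this file; a message such as `assert id_user is not None, f"User {username} was not found!"` would match them. In `test_ipa_trusts__lookup_trusted_user` the `ipa` parameter is never read in the body, so keep it only if requesting the fixture is required for the topology. Both tests also compare only the returned name, so a lookup that resolves the right name with the wrong uid or group membership across the trust would still pass.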