src/tests/multihost/basic/test_config.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

""" SSSD Configuration-related Test Cases

:requirement: IDM-SSSD-REQ: Configuration merging
:casecomponent: sssd
:subsystemteam: sst_idm_sssd
:upstream: yes
:status: approved
"""

import pytest
from utils_config import remove_section, set_param


class TestSSSDConfig(object):
    """
    Test cases around SSSD config management
    """
    def _assert_config_value(self, multihost, section, key, value):
        # This would really be much, much nicer to implement using python-ldb
        # but at the moment, the multihost tests rely on a virtual environment
        # where everything is pip-installed..and python-ldb is not present in
        # pip
        confdb_dn = 'cn=%s,cn=config' % (section)
        ldb_cmd = 'ldbsearch -H /var/lib/sss/db/config.ldb -b %s' % (confdb_dn)
        cmd = multihost.master[0].run_command(ldb_cmd)
        check_str = '%s: %s' % (key, value)
        assert check_str in cmd.stdout_text

    @pytest.mark.converted('test_config.py', 'test_config__change_config_while_sssd_running')
    def test_sssd_genconf_sssd_running(self, multihost):
        """
        :title: config: sssd --genconf is able to re-generate
         the configuration even while SSSD is running
        :id: 078721e9-536b-4fd8-a36d-bd94673228fc
        """
        multihost.master[0].service_sssd('restart')

        self._assert_config_value(multihost, 'pam', 'debug_level', '9')

        set_param(multihost, 'pam', 'debug_level', '1')
        multihost.master[0].run_command('/usr/sbin/sssd --genconf')
        self._assert_config_value(multihost, 'pam', 'debug_level', '1')

        set_param(multihost, 'pam', 'debug_level', '9')

    @pytest.mark.converted('test_config.py', 'test_config__genconf_particular_section')
    def test_sssd_genconf_section_only(self, multihost):
        """
        :title: config: sssd --genconf-section only
         refreshes those sections given on the command line
        :id: 011bf2ad-4a2a-4350-adfa-7826349e262f
        """
        multihost.master[0].service_sssd('restart')

        self._assert_config_value(multihost, 'pam', 'debug_level', '9')
        self._assert_config_value(multihost, 'nss', 'debug_level', '9')

        set_param(multihost, 'pam', 'debug_level', '1')
        set_param(multihost, 'nss', 'debug_level', '1')
        multihost.master[0].run_command(
            '/usr/sbin/sssd --genconf-section=pam')

        # We only told genconf to touch the pam section..
        self._assert_config_value(multihost, 'pam', 'debug_level', '1')
        # ..so the NSS section shouldn't be updated at all
        self._assert_config_value(multihost, 'nss', 'debug_level', '9')

        set_param(multihost, 'nss', 'debug_level', '9')
        set_param(multihost, 'pam', 'debug_level', '9')

    @pytest.mark.converted('test_config.py', 'test_config__add_remove_section')
    def test_sssd_genconf_add_remove_section(self, multihost):
        """
        :title: config: sssd --genconf-section can not only modify
         existing configuration sections, but also add a new section
        :id: 8df66b51-aadc-456e-8f27-a1a787e61769
        """
        # Establish a baseline
        multihost.master[0].service_sssd('restart')
        self._assert_config_value(multihost, 'pam', 'debug_level', '9')
        self._assert_config_value(multihost, 'nss', 'debug_level', '9')

        set_param(multihost, 'foo', 'bar', 'baz')

        multihost.master[0].run_command(
            '/usr/sbin/sssd --genconf-section=foo')

        ldb_cmd = 'ldbsearch -H /var/lib/sss/db/config.ldb -b cn=foo,cn=config'
        cmd = multihost.master[0].run_command(ldb_cmd)
        assert 'bar: baz' in cmd.stdout_text

        remove_section(multihost, 'foo')
        multihost.master[0].run_command(
            '/usr/sbin/sssd --genconf-section=foo')

        ldb_cmd = 'ldbsearch -H /var/lib/sss/db/config.ldb -b cn=foo,cn=config'
        cmd = multihost.master[0].run_command(ldb_cmd)
        assert 'foo' not in cmd.stdout_text
        # Also make sure the existing sections were intact
        self._assert_config_value(multihost, 'pam', 'debug_level', '9')
        self._assert_config_value(multihost, 'nss', 'debug_level', '9')

    @pytest.mark.converted('test_config.py', 'test_config__genconf_no_such_section')
    def test_sssd_genconf_no_such_section(self, multihost):
        """
        :title: config: Referencing a non-existant section must not fail
        :id: 4e160dcc-9789-4f3f-b8d4-c67d27ef4a1c
        :description: Referencing a non-existant section must not fail,
         because we want to call this command from the systemd unit files
         and by default the sections don't have to be present
        """
        multihost.master[0].service_sssd('restart')
        multihost.master[0].run_command(
            '/usr/sbin/sssd --genconf-section=xyz')