From abb58b03ac3a805faad1eea5ba3bb883115c008a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20V=C3=A1vra?= Date: Mon, 22 Apr 2024 09:21:36 +0200 Subject: [PATCH 1/7] Tests: Add extra debug to test_0003_gssapi_ssh. Reviewed-by: Madhuri Upadhye --- src/tests/multihost/ad/test_ad_misc.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/ad/test_ad_misc.py b/src/tests/multihost/ad/test_ad_misc.py index b00bc465ba4..f83a6f5532c 100644 --- a/src/tests/multihost/ad/test_ad_misc.py +++ b/src/tests/multihost/ad/test_ad_misc.py @@ -253,7 +253,10 @@ def test_0003_gssapi_ssh(self, multihost, adjoin, create_aduser_group): dom_name = client.get_domain_section_name() ad_realm = multihost.ad[0].domainname.upper() section = f"domain/{dom_name}" - section_params = {'krb5_confd_path': "/etc/krb5.conf.d/"} + section_params = { + 'krb5_confd_path': "/etc/krb5.conf.d/", + 'debug_level': '9', + } client.sssd_conf(section, section_params, action="update") client.clear_sssd_cache() ad_user = f'{aduser}@{dom_name}' @@ -268,6 +271,8 @@ def test_0003_gssapi_ssh(self, multihost, adjoin, create_aduser_group): ssh.expect('Password for .*:', timeout=10) ssh.sendline('Secret123') ssh.prompt(timeout=5) + ssh.sendline('klist -A') + ssh.prompt(timeout=5) ssh.sendline('ssh -v -o StrictHostKeyChecking=no -o GSSAPIAuthentication=yes ' '-o PasswordAuthentication=no ' f'-o PubkeyAuthentication=no -K -l {ad_user} ' From 5272b73c71424e435b3ca40f42fee35583f5eef7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20V=C3=A1vra?= Date: Mon, 22 Apr 2024 09:25:41 +0200 Subject: [PATCH 2/7] Tests: Switch test_0001_memcache_sid to reuse adjoin code. Reviewed-by: Madhuri Upadhye --- src/tests/multihost/ad/test_memcache_sid.py | 24 ++++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/src/tests/multihost/ad/test_memcache_sid.py b/src/tests/multihost/ad/test_memcache_sid.py index d65cb30048f..4a77ab9d9a0 100644 --- a/src/tests/multihost/ad/test_memcache_sid.py +++ b/src/tests/multihost/ad/test_memcache_sid.py @@ -11,11 +11,10 @@ from sssd.testlib.common.utils import sssdTools -@pytest.mark.usefixtures('joinad') @pytest.mark.tier1_3 @pytest.mark.memcachesid class Testmemcachesid(object): - def test_0001_memcache_sid(self, multihost): + def test_0001_memcache_sid(self, multihost, adjoin, create_aduser_group): """ :title: Verify memcache for SID :id: f7fce9c5-5ba6-428b-8e9b-5e07a88b5050 @@ -39,18 +38,27 @@ def test_0001_memcache_sid(self, multihost): 7. Lookup should read from memory cache of SID """ req_pkg = 'yum install -y strace python3-libsss_nss_idmap' + adjoin(membersw='adcli') multihost.client[0].run_command(req_pkg) ad_domain = multihost.ad[0].domainname - ad_user = f'user2@{ad_domain}' - ad_group = f'group2@{ad_domain}' - lookup_cmd_user = f'id -u {ad_user}' + # Create AD user and group + (aduser, adgroup) = create_aduser_group + client = sssdTools(multihost.client[0], multihost.ad[0]) + dom_section = f'domain/{client.get_domain_section_name()}' + sssd_params = { + 'ad_domain': multihost.ad[0].domainname.upper(), + 'debug_level': '9', + 'use_fully_qualified_names': 'True', + 'cache_credentials': 'True', + } + client.sssd_conf(dom_section, sssd_params) + client.clear_sssd_cache() + lookup_cmd_user = f'id -u {aduser}@{ad_domain}' cmd = multihost.client[0].run_command(lookup_cmd_user) ad_uid = cmd.stdout_text.rstrip() - lookup_cmd_group = f'getent group {ad_group} | cut -f3 -d:' + lookup_cmd_group = f'getent group {adgroup}@{ad_domain} | cut -f3 -d:' cmd = multihost.client[0].run_command(lookup_cmd_group) ad_gid = cmd.stdout_text.rstrip() - client = sssdTools(multihost.client[0], multihost.ad[0]) - client.clear_sssd_cache() file_dict = {'getsidbyuid': ad_uid, 'getsidbygid': ad_gid} for k, v in file_dict.items(): run_args = f'python3 -c "import pysss_nss_idmap;pysss_nss_idmap.{k}({v})"' From f7b70b01d6d7a1233641afa8bd1355d3052dc28d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20V=C3=A1vra?= Date: Mon, 22 Apr 2024 13:59:08 +0200 Subject: [PATCH 3/7] Tests: Add journalctl when systemctl sssd fails. Reviewed-by: Madhuri Upadhye --- src/tests/multihost/sssd/testlib/common/qe_class.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/sssd/testlib/common/qe_class.py b/src/tests/multihost/sssd/testlib/common/qe_class.py index 7a6089e95c6..53b3e953e33 100644 --- a/src/tests/multihost/sssd/testlib/common/qe_class.py +++ b/src/tests/multihost/sssd/testlib/common/qe_class.py @@ -122,7 +122,7 @@ def package_mgmt(self, package, action='install'): : return str: Return code of the yum remove command """ if 'Fedora' in self.distro or '8.' in self.distro or\ - '9.' in self.distro: + '9.' in self.distro or '10.' in self.distro: pkg_cmd = 'dnf' else: pkg_cmd = 'yum' @@ -145,6 +145,7 @@ def service_sssd(self, action): if cmd.returncode == 0: time.sleep(10) return cmd.returncode + self.run_command('journalctl -xeu sssd.service', raiseonerr=False) raise SSSDException(f'Unable to {action} sssd', 1) def yum_install(self, package): From a37cafe5c9e8fe8d3885be51805be293a009f61b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20V=C3=A1vra?= Date: Mon, 22 Apr 2024 14:00:27 +0200 Subject: [PATCH 4/7] Tests: Update ad parameters ported for non-root. Reviewed-by: Madhuri Upadhye --- src/tests/multihost/ad/test_ad_misc.py | 22 ++-- src/tests/multihost/ad/test_adparameters.py | 76 +++++------ .../multihost/ad/test_adparameters_ported.py | 120 +++++++++++------- 3 files changed, 129 insertions(+), 89 deletions(-) diff --git a/src/tests/multihost/ad/test_ad_misc.py b/src/tests/multihost/ad/test_ad_misc.py index f83a6f5532c..e4d3501101d 100644 --- a/src/tests/multihost/ad/test_ad_misc.py +++ b/src/tests/multihost/ad/test_ad_misc.py @@ -316,24 +316,26 @@ def test_0004_bz2110091(multihost, adjoin, create_aduser_group): (ad_user, _) = create_aduser_group domainname = multihost.ad[0].domainname client = sssdTools(multihost.client[0], multihost.ad[0]) - multihost.client[0].run_command(f'getent passwd {ad_user}@{domainname}') dom_section = f'domain/{client.get_domain_section_name()}' - sssd_params = {'debug_level': '9'} - client.sssd_conf(dom_section, sssd_params) + client.sssd_conf(dom_section, {'debug_level': '9'}) client.clear_sssd_cache() + multihost.client[0].run_command(f'getent passwd {ad_user}@{domainname}') + client.remove_sss_cache("/var/log/sssd") multihost.client[0].run_command('systemctl reboot', raiseonerr=False) + multihost.client[0].run_command('systemctl start sssd', raiseonerr=False) + log1 = re.compile(r'Destroying.the.old.c-ares.channel', re.IGNORECASE) + log2 = re.compile(r'\[recreate_ares_channel.*Initializing.new.c-ares.channel', re.IGNORECASE) time.sleep(30) # Reboot takes a long time in some cases so we try multiple times. for _ in range(1, 10): try: - dom_log = multihost.client[0].get_file_contents(f'/var/log/sssd/sssd_{domainname}.log').decode('utf-8') - break + dom_log = multihost.client[0].get_file_contents( + f'/var/log/sssd/sssd_{domainname}.log').decode('utf-8') + if log2.search(dom_log): + break except OSError: + # There is no need to fail here as the assertion will fail anyway. + dom_log = "Could not pull the log file!" time.sleep(30) - else: - # There is no need to fail here as the assertion will fail anyway. - dom_log = "Could not pull the log file!" - log1 = re.compile(r'Destroying.the.old.c-ares.channel', re.IGNORECASE) - log2 = re.compile(r'\[recreate_ares_channel.*Initializing.new.c-ares.channel', re.IGNORECASE) assert log1.search(dom_log), 'Destroying the old c-ares related log missing' assert log2.search(dom_log), 'Initializing new c-ares related log missing' diff --git a/src/tests/multihost/ad/test_adparameters.py b/src/tests/multihost/ad/test_adparameters.py index fe68ea5ddd7..10cd4e30d68 100644 --- a/src/tests/multihost/ad/test_adparameters.py +++ b/src/tests/multihost/ad/test_adparameters.py @@ -42,11 +42,12 @@ def test_0001_bz1296618(self, multihost, adjoin, client = sssdTools(multihost.client[0], multihost.ad[0]) domain_name = client.get_domain_section_name() basedn_entry = multihost.ad[0].domain_basedn_entry - users_dn_entry = '{},{}'.format('CN=Users', basedn_entry) - ad_group_dn = 'CN={},{}'.format(adgroup, users_dn_entry) + users_dn_entry = f'CN=Users,{basedn_entry}' + ad_group_dn = f'CN={adgroup},{users_dn_entry}' domain = multihost.ad[0].domainname + client.sssd_conf(f'domain/{domain}', {'debug_level': '9'}) client.clear_sssd_cache() - user_id = 'id %s@%s' % (aduser, domain) + user_id = f'id {aduser}@{domain}' multihost.client[0].run_command(user_id) user_cache_entry = 'name=%s@%s,cn=users'\ ',cn=%s,cn=sysdb' % (aduser, domain.lower(), domain) @@ -59,8 +60,7 @@ def test_0001_bz1296618(self, multihost, adjoin, client.remove_ad_user_group(aduser) client.remove_ad_user_group(adgroup) client.clear_sssd_cache() - id_lookup = 'id %s@%s' % (aduser, domain) - multihost.client[0].run_command(id_lookup, raiseonerr=False) + multihost.client[0].run_command(user_id, raiseonerr=False) cmd = multihost.client[0].run_command(ldb_search, raiseonerr=False) results = cmd.stdout_text.split() assert ad_group_dn not in results @@ -86,20 +86,12 @@ def test_0002_bz1287209(self, multihost, adjoin, create_aduser_group): adjoin(membersw='adcli') (ad_user, _) = create_aduser_group client_ad = sssdTools(multihost.client[0], multihost.ad[0]) - bkup = 'cp -af /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig' - multihost.client[0].run_command(bkup) - domainname = multihost.ad[0].domainname - domain_section = 'domain/{}'.format(domainname) - sssd_params = {'full_name_format': '%1$s'} - client_ad.sssd_conf(domain_section, sssd_params) - multihost.client[0].service_sssd('restart') - time.sleep(10) domain = multihost.ad[0].domainname - su_cmd = 'su - %s@%s -c whoami' % (ad_user, domain) + client_ad.sssd_conf(f'domain/{domain}', {'full_name_format': '%1$s'}) + client_ad.clear_sssd_cache() + su_cmd = f'su - {ad_user}@{domain} -c whoami' cmd = multihost.client[0].run_command(su_cmd, raiseonerr=False) assert ad_user == cmd.stdout_text.strip() - restore = 'cp -af /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf' - multihost.client[0].run_command(restore) @pytest.mark.tier1 def test_0003_bz1421622(self, multihost, adjoin, create_aduser_group): @@ -119,6 +111,9 @@ def test_0003_bz1421622(self, multihost, adjoin, create_aduser_group): adjoin(membersw='adcli') (_, _) = create_aduser_group domain = multihost.ad[0].domainname.strip().upper() + client = sssdTools(multihost.client[0], multihost.ad[0]) + client.sssd_conf(f'domain/{domain}', {'debug_level': '9'}) + client.clear_sssd_cache() userlist = ['users', 'Users', 'USERS', 'uSERS', 'UsErS', 'uSeRs', 'users'] domainlist = ['domain', 'Domain', 'DOMAIN', 'dOMAIN', 'DoMaIn', @@ -144,7 +139,10 @@ def test_00015_authselect_cannot_validate_its_own_files(self, multihost, adjoin) :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1734302 """ adjoin(membersw='adcli') - multihost.client[0].run_command("service sssd restart") + client = sssdTools(multihost.client[0], multihost.ad[0]) + domain = multihost.ad[0].domainname.strip().upper() + client.sssd_conf(f'domain/{domain}', {'debug_level': '9'}) + client.clear_sssd_cache() multihost.client[0].run_command("yum install -y gdb") multihost.client[0].run_command("gdb -quiet authselect -ex " "'set breakpoint pending on' -ex " @@ -178,17 +176,17 @@ def test_0005_BZ1527149_BZ1549675(self, multihost, adjoin, create_adgrp): client = sssdTools(multihost.client[0]) domain_name = client.get_domain_section_name() domain = multihost.ad[0].domainname.strip() - user = 'Administrator@%s' % domain - ldbcache = '/var/lib/sss/db/cache_%s.ldb' % domain_name - user_cache_entry = 'name=%s,cn=group,cn=%s,cn=sysdb' % (user, domain) + user = f'Administrator@{domain}' + ldbcache = f'/var/lib/sss/db/cache_{domain_name}.ldb' + user_cache_entry = f'name={user},cn=group,cn={domain},cn=sysdb' # just to check sssd status checking following user lookup - getent_pwd_cmd = "getent passwd %s" % user + getent_pwd_cmd = f"getent passwd {user}" cmd = multihost.client[0].run_command(getent_pwd_cmd, raiseonerr=False) if cmd.returncode == 0: - getent_cmd = "getent group %s" % user + getent_cmd = f"getent group {user}" cmd = multihost.client[0].run_command(getent_cmd, raiseonerr=False) if cmd.returncode != 0: - ldbcmd = "ldbsearch -H %s -b %s" % (ldbcache, user_cache_entry) + ldbcmd = f"ldbsearch -H {ldbcache} -b {user_cache_entry}" cmd = multihost.client[0].run_command(ldbcmd, raiseonerr=False) if cmd.returncode == 0: ldb_search_entry = cmd.stdout_text.strip().split('\n')[0] @@ -197,8 +195,7 @@ def test_0005_BZ1527149_BZ1549675(self, multihost, adjoin, create_adgrp): pytest.fail("Expected to get empty output for group lookup") @pytest.mark.tier1 - def test_0006_bz1592964(self, multihost, adjoin, - create_aduser_group, + def test_0006_bz1592964(self, multihost, adjoin, create_aduser_group, create_domain_local_group, add_user_in_domain_local_group): """ @@ -222,12 +219,11 @@ def test_0006_bz1592964(self, multihost, adjoin, client = sssdTools(multihost.client[0]) domain_name = client.get_domain_section_name() cfgget = '/etc/sssd/sssd.conf' - bkup_cmd = 'cp -f %s %s.backup' % (cfgget, cfgget) - multihost.client[0].run_command(bkup_cmd) sssdcfg = multihost.client[0].get_file_contents(cfgget) sssdcfg = sssdcfg.replace(b'services = nss, pam', b'services = nss, pam, pac') multihost.client[0].put_file_contents(cfgget, sssdcfg) + client.fix_sssd_conf_perms() multihost.client[0].run_command('sss_cache -E') multihost.client[0].service_sssd('restart') time.sleep(20) @@ -246,8 +242,6 @@ def test_0006_bz1592964(self, multihost, adjoin, 'ltestgroup4', 'ltestgroup5'] for _, group in enumerate(grouplist): assert group in cmd1.stdout_text and cmd2.stdout_text - cp = '/bin/cp -a /etc/sssd/sssd.conf.backup /etc/sssd/sssd.conf' - multihost.client[0].run_command(cp) @pytest.mark.tier2 def test_0007_bz1361597(self, multihost, adjoin, create_aduser_group): @@ -335,12 +329,15 @@ def test_0008_bz1431858(self, multihost, adjoin): 4. Lookup should be successful """ adjoin(membersw='adcli') + client = sssdTools(multihost.client[0], multihost.ad[0]) + domain = multihost.ad[0].domainname.strip().upper() + client.sssd_conf(f'domain/{domain}', {'debug_level': '9'}) user = "Administrator" ad_realm = multihost.ad[0].domainname cmd = "id %s@%s" % (user, ad_realm) multihost.client[0].run_command(cmd, raiseonerr=False) output = multihost.client[0].run_command('klist -kt').stdout_text - search = "host/{}".format(multihost.client[0].external_hostname) + search = f"host/{multihost.client[0].external_hostname}" assert output.find(search) != -1 @pytest.mark.tier1 @@ -358,10 +355,14 @@ def test_0009_bz1565761(self, multihost, adjoin): 2. Empty output """ adjoin(membersw='adcli') + client = sssdTools(multihost.client[0], multihost.ad[0]) + domain = multihost.ad[0].domainname.strip().upper() + client.sssd_conf(f'domain/{domain}', {'debug_level': '9'}) user = "Administrator" - ad_relam = multihost.ad[0].domainname - cmd = "sss_cache -E ; id %s@%s" % (user, ad_relam) - multihost.client[0].run_command(cmd, raiseonerr=False) + client.clear_sssd_cache() + multihost.client[0].run_command( + f"id {user}@{domain}", raiseonerr=False + ) grep = 'grep -ire "Domain not found" /var/log/sssd/' cmd = multihost.client[0].run_command(grep, raiseonerr=False) output = cmd.stdout_text @@ -386,6 +387,8 @@ def test_0010_bz1527662(self, multihost, adjoin): ad_realm = multihost.ad[0].domainname user_mail = 'akhomic1b@%s' % ad_realm client = sssdTools(multihost.client[0], multihost.ad[0]) + domain = multihost.ad[0].domainname.strip().upper() + client.sssd_conf(f'domain/{domain}', {'debug_level': '9'}) for user in user_list: group = '%s_group' % (user) client.create_ad_user(user, group, user_mail) @@ -411,7 +414,7 @@ def test_0011_bz1571526(self, multihost, adjoin): :customerscenario: True """ adjoin(membersw='adcli') - client = sssdTools(multihost.client[0]) + client = sssdTools(multihost.client[0], multihost.ad[0]) domain_name = client.get_domain_section_name() dom_section = 'domain/%s' % domain_name sssd_params = {'ldap_schema': 'rfc2307', 'debug_level': '9'} @@ -444,9 +447,10 @@ def test_0012_bz1738532(self, multihost, adjoin, create_aduser_group): """ adjoin(membersw='adcli') (ad_user, _) = create_aduser_group - client = sssdTools(multihost.client[0]) + client = sssdTools(multihost.client[0], multihost.ad[0]) domain = multihost.ad[0].domainname.strip().lower() - user = '%s@%s' % (ad_user, domain) + user = f'{ad_user}@{domain}' + client.sssd_conf(f'domain/{domain}', {'debug_level': '9'}) client.clear_sssd_cache() set_UPN = 'powershell.exe -inputformat none -noprofile Set-ADUser ' \ '-UserPrincipalName TestUserUPN@ad.vm -Identity %s' % ad_user diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index c848cc9c5ba..ded2feb36d6 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -189,7 +189,7 @@ def set_ssh_key_ldap(session_multihost, user, pubkey, operation="replace"): return cmd.returncode == 0 -@pytest.mark.flaky(reruns=5, reruns_delay=30) +@pytest.mark.flaky(reruns=3, reruns_delay=30) @pytest.mark.adparameters @pytest.mark.usefixtures("change_client_hostname") class TestADParamsPorted: @@ -330,6 +330,9 @@ def test_0002_ad_parameters_junk_domain( log_str = multihost.client[0].get_file_contents( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + logs = log_str + log_str_child hostname_cmd = multihost.client[0].run_command( 'hostname -s', raiseonerr=False) @@ -350,9 +353,9 @@ def test_0002_ad_parameters_junk_domain( # Evaluate test results assert f"No principal matching {shortname}$@JUNK found in keytab." in \ - log_str - assert "No principal matching host/*@JUNK found in keytab." in log_str - assert f"Selected realm: {ad_realm}" in log_str + logs + assert "No principal matching host/*@JUNK found in keytab." in logs + assert f"Selected realm: {ad_realm}" in logs assert "segfault" not in log_msg_str, "Segfault present in the log!" assert usr_cmd.returncode == 0, f"User {aduser} was not found." @@ -445,10 +448,13 @@ def test_0003_ad_parameters_junk_domain_invalid_keytab( f'getent passwd {ad_domain_short}\\\\{aduser}', raiseonerr=False ) - # Download sssd log + # Download sssd logs log_str = multihost.client[0].get_file_contents( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + logs = log_str + log_str_child # TEARDOWN # Restore keytab before test result evaluation @@ -466,9 +472,9 @@ def test_0003_ad_parameters_junk_domain_invalid_keytab( # Evaluate test results assert usr_cmd.returncode == 2, f"{aduser} was unexpectedly found!" - assert "No principal matching host/*@JUNK found in keytab." in log_str - assert "Selected realm: INVALIDDOMAIN.COM" in log_str - assert "Option krb5_realm set to JUNK" in log_str + assert "No principal matching host/*@JUNK found in keytab." in logs + assert "Selected realm: INVALIDDOMAIN.COM" in logs + assert "Option krb5_realm set to JUNK" in logs @staticmethod @pytest.mark.tier1_2 @@ -522,10 +528,6 @@ def test_0004_ad_parameters_valid_domain_shorthost( # Clear cache and restart SSSD client.clear_sssd_cache() time.sleep(15) - # Download sssd log - log_str = multihost.client[0].get_file_contents( - f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ - decode('utf-8') hostname_cmd = multihost.client[0].run_command( 'hostname -s', @@ -540,10 +542,21 @@ def test_0004_ad_parameters_valid_domain_shorthost( # Run su su_result = client.su_success(rf'{ad_domain_short}\\{aduser}') + # Download sssd logs + log_str = multihost.client[0].get_file_contents( + f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ + decode('utf-8') + + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + + log_message = f"Trying to find principal {shortname}$@{ad_realm}" + # Evaluate test results - assert f"Trying to find principal {shortname}$@{ad_realm}" in log_str assert usr_cmd.returncode == 0, f"User {aduser} was not found." assert su_result, "The su command failed!" + assert log_message in log_str or log_message in log_str_child + @staticmethod @pytest.mark.tier2 @@ -813,10 +826,13 @@ def test_0009_ad_parameters_ldap_sasl_full( # Run su command su_result = client.su_success(f'{aduser}@{ad_realm}', with_password=False) - # Download the sssd domain log + # Download the sssd logs log_str = multihost.client[0].get_file_contents( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + logs = log_str + log_str_child # TEARDOWN client.restore_sssd_conf() @@ -824,13 +840,13 @@ def test_0009_ad_parameters_ldap_sasl_full( # EVALUATION assert f"Option ldap_sasl_authid has value " \ - f"host/{hostname}@{ad_realm}" in log_str - assert "authid contains realm" in log_str - assert f"Will look for host/{hostname}@{ad_realm} in" in log_str + f"host/{hostname}@{ad_realm}" in logs + assert "authid contains realm" in logs + assert f"Will look for host/{hostname}@{ad_realm} in" in logs assert f"Trying to find principal host/{hostname}@{ad_realm} in " \ - f"keytab" in log_str + f"keytab" in logs assert f"Principal matched to the sample " \ - f"(host/{hostname}@{ad_realm})" in log_str + f"(host/{hostname}@{ad_realm})" in logs assert usr_cmd.returncode == 0, f"User {aduser} was not found!" assert su_result, f"Su for user {aduser} failed!" @@ -891,24 +907,28 @@ def test_0010_ad_parameters_ldap_sasl_short( # Run su command su_result = client.su_success(f'{aduser}@{ad_realm}', with_password=False) - # Download the sssd domain log + # Download the sssd logs log_str = multihost.client[0].get_file_contents( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + logs = log_str + log_str_child # TEARDOWN client.restore_sssd_conf() client.clear_sssd_cache() + # EVALUATION assert f"Option ldap_sasl_authid has value " \ - f"host/{hostname}" in log_str - assert "authid contains realm" not in log_str - assert f"Will look for host/{hostname}@{ad_realm} in" in log_str + f"host/{hostname}" in logs + assert "authid contains realm" not in logs + assert f"Will look for host/{hostname}@{ad_realm} in" in logs assert f"Trying to find principal host/{hostname}@{ad_realm} in " \ - f"keytab" in log_str + f"keytab" in logs assert f"Principal matched to the sample " \ - f"(host/{hostname}@{ad_realm})" in log_str + f"(host/{hostname}@{ad_realm})" in logs assert usr_cmd.returncode == 0, f"User {aduser} was not found!" assert su_result, f"Su for user {aduser} failed!" @@ -977,15 +997,18 @@ def test_0011_ad_parameters_server_resolvable( # Run su command su_result = client.su_success(aduser) - # Download the sssd domain log + # Download the sssd logs log_str = multihost.client[0].get_file_contents( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + logs = log_str + log_str_child assert f"Option ad_domain has value " \ - f"{multihost.ad[0].domainname.lower()}" in log_str + f"{multihost.ad[0].domainname.lower()}" in logs assert f"Option krb5_realm set to " \ - f"{multihost.ad[0].domainname.upper()}" in log_str + f"{multihost.ad[0].domainname.upper()}" in logs assert usr_cmd.returncode == 0, f"User {aduser} was not found!" assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!" assert uid_cmd.returncode == 0, f"User with {uid} was not found!" @@ -1240,7 +1263,10 @@ def test_0015_ad_parameters_ad_hostname_machine( log_str = multihost.client[0].get_file_contents( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') - if "kautest.com" in log_str: + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + logs = log_str + log_str_child + if "kautest.com" in logs: break # Reset hostname @@ -1250,8 +1276,8 @@ def test_0015_ad_parameters_ad_hostname_machine( # Evaluate test results assert usr_cmd.returncode == 0, f"User {aduser} was not found." assert su_result, "The su command failed!" - assert "Setting ad_hostname to [host1.kautest.com]" in log_str - assert f"Will look for host1.kautest.com@{ad_realm}" in log_str + assert "Setting ad_hostname to [host1.kautest.com]" in logs + assert f"Will look for host1.kautest.com@{ad_realm}" in logs @staticmethod @@ -1330,10 +1356,13 @@ def test_0016_ad_parameters_ad_hostname_valid( f'getent group {adgroup}', raiseonerr=False) # Run su su_result = client.su_success(aduser) - # Download sssd log + # Download sssd logs log_str = multihost.client[0].get_file_contents( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + logs = log_str + log_str_child # Reset new hostname multihost.client[0].run_command( f'hostname {old_hostname}', raiseonerr=False) @@ -1341,10 +1370,10 @@ def test_0016_ad_parameters_ad_hostname_valid( assert usr_cmd.returncode == 0, f"User {aduser} was not found." assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!" assert su_result, "The su command failed!" - assert f"Option ad_hostname has value {old_hostname}" in log_str - assert f"Setting ad_hostname to [{old_hostname}]" not in log_str - assert f"Will look for {old_hostname}@{ad_realm}" in log_str - assert f"Trying to find principal {old_hostname}@{ad_realm}" in log_str + assert f"Option ad_hostname has value {old_hostname}" in logs + assert f"Setting ad_hostname to [{old_hostname}]" not in logs + assert f"Will look for {old_hostname}@{ad_realm}" in logs + assert f"Trying to find principal {old_hostname}@{ad_realm}" in logs @staticmethod @pytest.mark.tier2 @@ -1404,11 +1433,13 @@ def test_0017_ad_parameters_krb5_keytab_nonexistent( # SSSD will not start due to the non-existent keytab. pass time.sleep(15) - # Download sssd log + # Download sssd logs log_str = multihost.client[0].get_file_contents( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') - + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + logs = log_str + log_str_child # Search for the AD user usr_cmd = multihost.client[0].run_command( f'getent passwd {aduser}', raiseonerr=False) @@ -1421,10 +1452,10 @@ def test_0017_ad_parameters_krb5_keytab_nonexistent( # Evaluate test results assert "Option krb5_keytab has value /etc/krb5.keytab." \ - "keytabdoesntexist" in log_str + "keytabdoesntexist" in logs assert "Option ldap_krb5_keytab set to /etc/krb5.keytab." \ - "keytabdoesntexist" in log_str - assert "No suitable principal found in keytab" in log_str + "keytabdoesntexist" in logs + assert "No suitable principal found in keytab" in logs assert usr_cmd.returncode == 2, f"User {aduser} was found." @staticmethod @@ -1488,6 +1519,9 @@ def test_0018_ad_parameters_krb5_keytab_elsewhere( log_str = multihost.client[0].get_file_contents( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') + log_str_child = multihost.client[0].get_file_contents( + "/var/log/sssd/ldap_child.log").decode('utf-8') + logs = log_str + log_str_child # Search for the AD user usr_cmd = multihost.client[0].run_command( @@ -1506,9 +1540,9 @@ def test_0018_ad_parameters_krb5_keytab_elsewhere( # Evaluate test results assert "Option krb5_keytab has value /usr/local/etc/krb5.keytab" \ - in log_str + in logs assert "Option ldap_krb5_keytab set to /usr/local/etc/krb5.keytab" \ - in log_str + in logs assert usr_cmd.returncode == 0, f"User {aduser} was not found." assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!" assert su_result, "The su command failed!" From f722738f525e3482fb3c411f2d4198c1229d0fac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20V=C3=A1vra?= Date: Tue, 30 Apr 2024 12:02:23 +0200 Subject: [PATCH 5/7] Tests: Add extra sssd restart on master for samba tests. For non-root the sssd needs to be restarted after joining the AD and fixing sssd.conf permissions, this was not done on master (smb). Reviewed-by: Madhuri Upadhye --- src/tests/multihost/sssd/testlib/common/samba.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tests/multihost/sssd/testlib/common/samba.py b/src/tests/multihost/sssd/testlib/common/samba.py index 8b6617245a5..ce2b7e9109b 100644 --- a/src/tests/multihost/sssd/testlib/common/samba.py +++ b/src/tests/multihost/sssd/testlib/common/samba.py @@ -146,6 +146,7 @@ def enable_winbind(self): pytest.fail("kinit failed") self.host_tools.join_ad(self.adhost_realm, self.adhost_password, mem_sw='samba') + self.host_tools.service_ctrl("restart", "sssd") self.smbadsconf() self.enable_idmapsss() restart_winbind = 'systemctl restart winbind' From 7bf051e4d123eb9a5a524cb6d77b11f715ecc1b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20V=C3=A1vra?= Date: Tue, 30 Apr 2024 12:23:21 +0200 Subject: [PATCH 6/7] Tests: Add fixing sssd.conf ownership after realm join. Add journalctl info when service_ctrl call fails. Reviewed-by: Madhuri Upadhye --- src/tests/multihost/sssd/testlib/common/utils.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index 41e379b69c0..821c4d50cd9 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -195,6 +195,7 @@ def service_ctrl(self, action, target_service): time.sleep(10) return cmd.returncode else: + self.multihost.run_command(f'journalctl -xeu {target_service}') raise SSSDException('Unable to %s %s' % (action, target_service), 1) @@ -508,6 +509,8 @@ def realm_join(self, domainname, admin_password, self.multihost.run_command("cat /etc/krb5.conf", raiseonerr=False) self.multihost.run_command("resolvectl dns", raiseonerr=False) raise SSSDException("Error: %s" % cmd.stderr_text) + self.fix_sssd_conf_perms() + self.service_ctrl("restart", "sssd") return cmd.stderr_text From 228547507e20a6b994978dbb269a253204f6a0e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20V=C3=A1vra?= Date: Thu, 2 May 2024 08:41:21 +0200 Subject: [PATCH 7/7] Tests: Fix PEP8 on updated AD suites. Reviewed-by: Madhuri Upadhye --- src/tests/multihost/ad/test_ad_misc.py | 8 +- src/tests/multihost/ad/test_adparameters.py | 2 +- .../multihost/ad/test_adparameters_ported.py | 86 +++++++++---------- src/tests/multihost/ad/test_adschema.py | 14 ++- 4 files changed, 53 insertions(+), 57 deletions(-) diff --git a/src/tests/multihost/ad/test_ad_misc.py b/src/tests/multihost/ad/test_ad_misc.py index e4d3501101d..b7d2443c5f9 100644 --- a/src/tests/multihost/ad/test_ad_misc.py +++ b/src/tests/multihost/ad/test_ad_misc.py @@ -164,9 +164,9 @@ def test_0001_provider_config_cross_interference( client.clear_sssd_cache() # Evaluate test results - assert usr_cmd_1.returncode == 0,\ + assert usr_cmd_1.returncode == 0, \ f"getent passwd {aduser} failed (AD without additional LDAP)." - assert usr_cmd_2.returncode != 0,\ + assert usr_cmd_2.returncode != 0, \ f"getent passwd {aduser} passed (AD with LDAP with an " \ f"obfuscated password)." assert "[sdap_cli_auth_step] (0x1000): Invalid authtoken type" \ @@ -273,8 +273,8 @@ def test_0003_gssapi_ssh(self, multihost, adjoin, create_aduser_group): ssh.prompt(timeout=5) ssh.sendline('klist -A') ssh.prompt(timeout=5) - ssh.sendline('ssh -v -o StrictHostKeyChecking=no -o GSSAPIAuthentication=yes ' - '-o PasswordAuthentication=no ' + ssh.sendline(f'ssh -v -o StrictHostKeyChecking=no -o GSSAPIAuthentication=yes ' + f'-o PasswordAuthentication=no ' f'-o PubkeyAuthentication=no -K -l {ad_user} ' f'{multihost.client[0].sys_hostname} id') ssh.prompt(timeout=30) diff --git a/src/tests/multihost/ad/test_adparameters.py b/src/tests/multihost/ad/test_adparameters.py index 10cd4e30d68..f2ad8d9be62 100644 --- a/src/tests/multihost/ad/test_adparameters.py +++ b/src/tests/multihost/ad/test_adparameters.py @@ -361,7 +361,7 @@ def test_0009_bz1565761(self, multihost, adjoin): user = "Administrator" client.clear_sssd_cache() multihost.client[0].run_command( - f"id {user}@{domain}", raiseonerr=False + f"id {user}@{domain}", raiseonerr=False ) grep = 'grep -ire "Domain not found" /var/log/sssd/' cmd = multihost.client[0].run_command(grep, raiseonerr=False) diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index ded2feb36d6..9b25a128143 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -71,7 +71,6 @@ def change_client_hostname(session_multihost, request): f'hostnamectl set-hostname {new_hostname}', raiseonerr=False ) - def restore(): """ Restore hostname """ # Temporary way of changing hostname @@ -81,7 +80,7 @@ def restore(): ) # Permanent way of changing hostname session_multihost.client[0].run_command( - f'hostnamectl set-hostname {old_hostname}', raiseonerr=False + f'hostnamectl set-hostname {old_hostname}', raiseonerr=False ) request.addfinalizer(restore) @@ -180,11 +179,13 @@ def set_ssh_key_ldap(session_multihost, user, pubkey, operation="replace"): tfile.flush() session_multihost.client[0].transport.put_file( tfile.name, f'/tmp/mod.{myid}.ldif') - ldap_cmd = f'ldapmodify -H ldap://{session_multihost.ad[0].hostname}' \ - f' -v -x -D "cn=Administrator,cn=Users,' \ - f'{session_multihost.ad[0].domain_basedn_entry}" -w ' \ - f'"{session_multihost.ad[0].ssh_password}" ' \ - f'-f /tmp/mod.{myid}.ldif' + ldap_cmd = ( + f"ldapmodify -H ldap://{session_multihost.ad[0].hostname}" + f' -v -x -D "cn=Administrator,cn=Users,' + f'{session_multihost.ad[0].domain_basedn_entry}" -w ' + f'"{session_multihost.ad[0].ssh_password}" ' + f"-f /tmp/mod.{myid}.ldif" + ) cmd = session_multihost.client[0].run_command(ldap_cmd, raiseonerr=False) return cmd.returncode == 0 @@ -300,7 +301,7 @@ def test_0002_ad_parameters_junk_domain( ad_realm = multihost.ad[0].domainname.upper() # Join AD manually to set the user-principal properly joincmd = f"realm join --user=Administrator --user-principal=host/" \ - f"{hostname}@{ad_realm} {multihost.ad[0].domainname.lower()}" + f"{hostname}@{ad_realm} {multihost.ad[0].domainname.lower()}" multihost.client[0].run_command( joincmd, stdin_text=multihost.ad[0].ssh_password, raiseonerr=False) @@ -424,10 +425,10 @@ def test_0003_ad_parameters_junk_domain_invalid_keytab( shortname = hostname_cmd.stdout_text.rstrip().upper() ktutil_cmd = f'{{ echo "addent -password -p host/{shortname}@' \ - f'INVALIDDOMAIN.COM -k 2 -e rc4-hmac"; sleep 1; echo ' \ - f'"Secret123"; sleep 1; echo "rkt /etc/krb5.keytab"; ' \ - f'sleep 1; echo "wkt /tmp/first_invalid.keytab"; ' \ - f'sleep 1; echo "quit"; }} | ktutil' + f'INVALIDDOMAIN.COM -k 2 -e rc4-hmac"; sleep 1; echo ' \ + f'"Secret123"; sleep 1; echo "rkt /etc/krb5.keytab"; ' \ + f'sleep 1; echo "wkt /tmp/first_invalid.keytab"; ' \ + f'sleep 1; echo "quit"; }} | ktutil' multihost.client[0].run_command(ktutil_cmd, raiseonerr=False) # Get keytab info for debugging purposes @@ -557,7 +558,6 @@ def test_0004_ad_parameters_valid_domain_shorthost( assert su_result, "The su command failed!" assert log_message in log_str or log_message in log_str_child - @staticmethod @pytest.mark.tier2 def test_0005_ad_parameters_blank_domain( @@ -919,7 +919,6 @@ def test_0010_ad_parameters_ldap_sasl_short( client.restore_sssd_conf() client.clear_sssd_cache() - # EVALUATION assert f"Option ldap_sasl_authid has value " \ f"host/{hostname}" in logs @@ -1264,7 +1263,7 @@ def test_0015_ad_parameters_ad_hostname_machine( f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \ decode('utf-8') log_str_child = multihost.client[0].get_file_contents( - "/var/log/sssd/ldap_child.log").decode('utf-8') + "/var/log/sssd/ldap_child.log").decode('utf-8') logs = log_str + log_str_child if "kautest.com" in logs: break @@ -1279,7 +1278,6 @@ def test_0015_ad_parameters_ad_hostname_machine( assert "Setting ad_hostname to [host1.kautest.com]" in logs assert f"Will look for host1.kautest.com@{ad_realm}" in logs - @staticmethod @pytest.mark.tier1_2 @pytest.mark.c_ares @@ -1605,11 +1603,11 @@ def test_0019_ad_parameters_ldap_id_mapping_false( # Get uid and gid for the aduser and adgroup get_uid_cmd = f"powershell.exe -inputformat none -noprofile 'Get-" \ - f"ADUser -Identity {aduser} -Properties uidNumber'" + f"ADUser -Identity {aduser} -Properties uidNumber'" cmd = multihost.ad[0].run_command(get_uid_cmd, raiseonerr=False) uid = re.findall("uidNumber.*:[^0-9]+([0-9]+)", cmd.stdout_text)[0] get_gid_cmd = f"powershell.exe -inputformat none -noprofile 'Get-" \ - f"ADGroup -Identity {adgroup} -Properties gidNumber'" + f"ADGroup -Identity {adgroup} -Properties gidNumber'" cmd = multihost.ad[0].run_command(get_gid_cmd, raiseonerr=False) gid = re.findall("gidNumber.*:[^0-9]+([0-9]+)", cmd.stdout_text)[0] @@ -1970,7 +1968,7 @@ def test_0024_ad_parameters_getgrgid_nested( https://bugzilla.redhat.com/show_bug.cgi?id=887961 :customerscenario: False """ - adjoin(membersw='adcli') + adjoin(membersw='a dcli') client = sssdTools(multihost.client[0], multihost.ad[0]) # Create AD user without posix attributes (userplain, _) = create_plain_aduser_group @@ -2263,7 +2261,7 @@ def test_0028_ad_parameters_nested_in_nonposix_group( 'id_provider': 'ldap', 'ldap_schema': 'ad', 'ldap_default_bind_dn': f'CN=administrator,CN=Users' - f',{multihost.ad[0].domain_basedn_entry}', + f',{multihost.ad[0].domain_basedn_entry}', 'use_fully_qualified_names': 'false', 'ldap_id_use_start_tls': 'True', 'ldap_tls_cacert': '/etc/openldap/certs/ad_cert.pem', @@ -2337,7 +2335,7 @@ def test_0029_ad_parameters_tokengroups_with_ldap( 'ldap_uri': f'ldaps://{multihost.ad[0].sys_hostname}', 'ldap_default_authtok': multihost.ad[0].ssh_password, 'ldap_default_bind_dn': f'CN=administrator,CN=Users' - f',{multihost.ad[0].domain_basedn_entry}', + f',{multihost.ad[0].domain_basedn_entry}', 'debug_level': '9', 'ldap_referrals': 'false', 'use_fully_qualified_names': 'True', @@ -2394,7 +2392,7 @@ def test_0030_ad_parameters_tokengroups_searchbase( (aduser, _) = create_aduser_group # Create a subtree - subtree = f'subtree-{random.randint(999,9999)}' + subtree = f'subtree-{random.randint(999, 9999)}' with tempfile.NamedTemporaryFile(mode='w') as tfile: tfile.write(f"dn: OU={subtree}," f"{multihost.ad[0].domain_basedn_entry}\n") @@ -2407,9 +2405,9 @@ def test_0030_ad_parameters_tokengroups_searchbase( tfile.flush() multihost.client[0].transport.put_file(tfile.name, '/tmp/mod.ldif') ldap_cmd = f'ldapadd -a -v -x -H ldap://{multihost.ad[0].hostname}' \ - f' -D "cn=Administrator,cn=Users,' \ - f'{multihost.ad[0].domain_basedn_entry}" -w ' \ - f'"{multihost.ad[0].ssh_password}" -f /tmp/mod.ldif' + f' -D "cn=Administrator,cn=Users,' \ + f'{multihost.ad[0].domain_basedn_entry}" -w ' \ + f'"{multihost.ad[0].ssh_password}" -f /tmp/mod.ldif' multihost.client[0].run_command(ldap_cmd) @@ -2423,7 +2421,7 @@ def test_0030_ad_parameters_tokengroups_searchbase( 'ldap_uri': f'ldaps://{multihost.ad[0].sys_hostname}', 'ldap_default_authtok': multihost.ad[0].ssh_password, 'ldap_default_bind_dn': f'CN=administrator,CN=Users' - f',{multihost.ad[0].domain_basedn_entry}', + f',{multihost.ad[0].domain_basedn_entry}', 'ldap_referrals': 'false', 'debug_level': '9', 'use_fully_qualified_names': 'True', @@ -2450,10 +2448,10 @@ def test_0030_ad_parameters_tokengroups_searchbase( # Teardown # Remove subtree from ldap ldap_cmd = f'ldapdelete -v -x -H ldap://{multihost.ad[0].hostname}' \ - f' -D "cn=Administrator,cn=Users,' \ - f'{multihost.ad[0].domain_basedn_entry}" -w ' \ - f'"{multihost.ad[0].ssh_password}" "OU={subtree},' \ - f'{multihost.ad[0].domain_basedn_entry}"' + f' -D "cn=Administrator,cn=Users,' \ + f'{multihost.ad[0].domain_basedn_entry}" -w ' \ + f'"{multihost.ad[0].ssh_password}" "OU={subtree},' \ + f'{multihost.ad[0].domain_basedn_entry}"' multihost.client[0].run_command(ldap_cmd, raiseonerr=False) @@ -2579,9 +2577,9 @@ def test_0032_ad_parameters_group_name_attribute(multihost, adjoin): tfile.flush() multihost.client[0].transport.put_file(tfile.name, '/tmp/mod.ldif') ldap_cmd = f'ldapmodify -v -x -H ldap://{multihost.ad[0].hostname}' \ - f' -D "cn=Administrator,cn=Users,' \ - f'{multihost.ad[0].domain_basedn_entry}" -w ' \ - f'"{multihost.ad[0].ssh_password}" -f /tmp/mod.ldif' + f' -D "cn=Administrator,cn=Users,' \ + f'{multihost.ad[0].domain_basedn_entry}" -w ' \ + f'"{multihost.ad[0].ssh_password}" -f /tmp/mod.ldif' multihost.client[0].run_command(ldap_cmd) # Search for the AD group @@ -2661,9 +2659,9 @@ def test_0033_ad_parameters_group_cleanup_sanitize(multihost, adjoin): tfile.flush() multihost.client[0].transport.put_file(tfile.name, '/tmp/mod.ldif') ldap_cmd = f'ldapmodify -v -x -H ldap://{multihost.ad[0].hostname}' \ - f' -D "cn=Administrator,cn=Users,' \ - f'{multihost.ad[0].domain_basedn_entry}" -w ' \ - f'"{multihost.ad[0].ssh_password}" -f /tmp/mod.ldif' + f' -D "cn=Administrator,cn=Users,' \ + f'{multihost.ad[0].domain_basedn_entry}" -w ' \ + f'"{multihost.ad[0].ssh_password}" -f /tmp/mod.ldif' multihost.client[0].run_command(ldap_cmd) # Search for the AD user and group @@ -2961,8 +2959,8 @@ def test_0036_ad_parameters_renewal_leaks_descriptors(multihost, adjoin): print(f'Descriptors: initial:{initial}, stable:{stable},' f' final: {final}.') assert stable >= final, f"File descriptors are increasing!\n" \ - f"Descriptors: initial:{initial}," \ - f" stable:{stable}, final: {final}." + f"Descriptors: initial:{initial}," \ + f" stable:{stable}, final: {final}." @staticmethod @pytest.mark.tier1_2 @@ -3060,10 +3058,10 @@ def test_0038_ad_parameters_authentication_failure_invalid_keytab( # With ktutil add invalid principle in the keytab file. ktutil_cmd = f'{{ echo "addent -password -p Test1337@{ad_domain} -k' \ - f' 3 -e aes128-cts-hmac-sha1-96"; sleep 1; echo "Secret' \ - f'123"; echo "rkt /etc/krb5.keytab"; sleep 1; echo "wkt' \ - f' /tmp/first_invalid.keytab"; sleep 1; echo "quit"; }}' \ - f' | ktutil' + f' 3 -e aes128-cts-hmac-sha1-96"; sleep 1; echo "Secret' \ + f'123"; echo "rkt /etc/krb5.keytab"; sleep 1; echo "wkt' \ + f' /tmp/first_invalid.keytab"; sleep 1; echo "quit"; }}' \ + f' | ktutil' multihost.client[0].run_command(ktutil_cmd, raiseonerr=False) @@ -3227,7 +3225,7 @@ def test_0040_ad_parameters_newline_ssh_key( 'ad_enable_gc': 'False', 'ldap_user_ssh_public_key': 'msDS-cloudExtensionAttribute1', 'ldap_user_search_base': f'CN=Users,' - f'{multihost.ad[0].domain_basedn_entry}', + f'{multihost.ad[0].domain_basedn_entry}', 'ldap_id_mapping': 'False', 'debug_level': '9', 'cache_credentials': 'True', @@ -3863,5 +3861,5 @@ def test_0047_ad_parameters_filter_group( # Evaluate test results assert getent_groupinfo, f"Could not find group {adgroup}!" assert id_cmd.returncode == 0, f"User {aduser} was not found!" - assert getent_groupinfo['gid'] not in id_cmd.stdout_text,\ + assert getent_groupinfo['gid'] not in id_cmd.stdout_text, \ f"{adgroup} gid was not filtered!" diff --git a/src/tests/multihost/ad/test_adschema.py b/src/tests/multihost/ad/test_adschema.py index 7ef7398020e..1a2cbd671c2 100644 --- a/src/tests/multihost/ad/test_adschema.py +++ b/src/tests/multihost/ad/test_adschema.py @@ -37,24 +37,23 @@ def fixture_prepare_users(session_multihost, request): # Add gecos to user 1 usr = f"powershell.exe -inputformat none -noprofile 'Set-ADUser " \ - f"-Identity \"{ad_user_1}\" -Add @{{" \ - f"gecos = \"{ad_user_1}\";}}'" + f"-Identity \"{ad_user_1}\" -Add @{{" \ + f"gecos = \"{ad_user_1}\";}}'" session_multihost.ad[0].run_command(usr, raiseonerr=False) # Set user primary group upg = f"powershell.exe -inputformat none -noprofile " \ - f"'Set-ADUserPrimaryGroup {ad_user_1} \'{ad_group_1}\''" + f"'Set-ADUserPrimaryGroup {ad_user_1} \'{ad_group_1}\''" res = session_multihost.ad[0].run_command(upg, raiseonerr=False) # Windows 2012R2 does not know Set-ADUserPrimaryGroup # This is a crude re-implementation if "'Set-ADUserPrimaryGroup' is not recognized" in res.stderr_text: info_cmd = f"powershell.exe -inputformat none -noprofile '" \ - f"write-host $(Get-ADGroup -Identity {ad_group_1}).SID'" + f"write-host $(Get-ADGroup -Identity {ad_group_1}).SID'" cmd = session_multihost.ad[0].run_command(info_cmd, raiseonerr=False) group_id = cmd.stdout_text.strip().split('-')[-1] pgp_cmd = f"powershell.exe -inputformat none -noprofile Set-ADUser " \ - f"-Identity {ad_user_1} -Replace @{{'primaryGroupID' = " \ - f"'{group_id}'}}" + f"-Identity {ad_user_1} -Replace @{{'primaryGroupID' = '{group_id}'}}" session_multihost.ad[0].run_command(pgp_cmd, raiseonerr=False) # Setup posix user 2 @@ -64,8 +63,7 @@ def fixture_prepare_users(session_multihost, request): # Add gecos to user 2 usr = f"powershell.exe -inputformat none -noprofile 'Set-ADUser " \ - f"-Identity \"{ad_user_2}\" -Add @{{" \ - f"gecos = \"{ad_user_2}\";}}'" + f"-Identity \"{ad_user_2}\" -Add @{{gecos = \"{ad_user_2}\";}}'" session_multihost.ad[0].run_command(usr, raiseonerr=False) def remove_ad_user_groups():