From 4671a9af895c76db64e45ecd7939f10fbddf2057 Mon Sep 17 00:00:00 2001 From: aborah-sudo Date: Fri, 7 Feb 2025 15:23:00 +0530 Subject: [PATCH] Tests: Test trasformation SSSD does not crash in nss responder after netgroup timeout when backend is offline SSSD does not crash in nss responder after netgroup timeout when backend is offline --- src/tests/system/tests/test_netgroups.py | 119 +++++++++++++++++++++++ 1 file changed, 119 insertions(+) diff --git a/src/tests/system/tests/test_netgroups.py b/src/tests/system/tests/test_netgroups.py index bbe970d7f2..e8c319ea23 100644 --- a/src/tests/system/tests/test_netgroups.py +++ b/src/tests/system/tests/test_netgroups.py @@ -6,10 +6,13 @@ from __future__ import annotations +import time + import pytest from sssd_test_framework.roles.ad import AD from sssd_test_framework.roles.client import Client from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.roles.ipa import IPA from sssd_test_framework.roles.ldap import LDAP from sssd_test_framework.roles.samba import Samba from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup 
@@ -309,3 +312,119 @@ def test_netgroup__uid_gt_2147483647(client: Client, provider: GenericProvider): result = client.tools.getent.group(grpname) assert result is not None, f"getent group for group '{grpname}' is empty!" assert result.name == grpname, f"Group name '{grpname}' did not match result '{result.name}'!" + + +@pytest.mark.importance("low") +@pytest.mark.ticket(bz=1576852) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_netgroup__nss_responder(client: Client, provider: GenericProvider): + """ + :title: SSSD does not crash in nss responder after netgroup timeout when backend is offline + :setup: + 1. A user (user-1) and a netgroup (ng-1) are created, and the user is added as a member of the netgroup + 2. SSSD is restarted with a clean configuration to ensure no stale data is present + :steps: + 1. Depending on the type of provider (AD, IPA, Samba, or LDAP), the script updates the SSSD configuration + with an incorrect server URI (e.g., typo.dc.hostname) + 2. SSSD is restarted again to apply the new configuration + 3. Checks the status of the SSSD domain to ensure it is offline due to the misconfigured server + 4. Capture the process ID (PID) of the sssd_nss process + 5. Try to retrieve the netgroup information again, expecting it to fail since the SSSD domain is offline + 6. Verify that the SSSD processes (sssd, sssd_be, sssd_nss, sssd_pam) are still running and that the + sssd_nss process ID has not changed, indicating that SSSD has not crashed or restarted unexpectedly + :expectedresults: + 1. SSSD configured with incorrect server backend + 2. SSSD restarted + 3. SSSD Offline + 4. Pid of sssd_nss captured + 5. Netgroup info cant be retrieve + 6. 
SSSD not crashed + :customerscenario: True + """ + user = provider.user("user-1").add() + netgroup = provider.netgroup("ng-1").add().add_member(user=user) + client.sssd.restart(clean=True) + + result = client.tools.getent.netgroup(netgroup.name) + assert result is not None + assert result.members[0].user == "user-1" + + hostname = client.host.hostname + if isinstance(provider, (AD)): + bad_ldap_uri = "typo.dc.%s" % hostname + client.sssd.dom("test").update(ad_server=bad_ldap_uri) + + if isinstance(provider, (IPA)): + bad_ldap_uri = "typo.master.%s" % hostname + client.sssd.dom("test").update(ipa_server=bad_ldap_uri) + + if isinstance(provider, (Samba)): + bad_ldap_uri = "typo.dc.%s" % hostname + client.sssd.dom("test").update(ad_server=bad_ldap_uri) + + if isinstance(provider, (LDAP)): + bad_ldap_uri = "ldaps://typo.%s" % hostname + client.sssd.dom("test").update(ldap_uri=bad_ldap_uri) + + client.sssd.restart(clean=True) + + # Check backend status + assert "Offline" in client.host.conn.run("sssctl domain-status test -o").stdout + + pid_nss = "pidof sssd_nss" + pid_nss1 = client.host.conn.run(pid_nss).stdout + + # request for netgroup + assert not client.tools.getent.netgroup(netgroup.name) + + sssd_proc = ["sssd", "sssd_be", "sssd_nss", "sssd_pam"] + for proc in sssd_proc: + pgrep = "pgrep %s" % proc + client.host.conn.run(pgrep) + + pid_nss2 = client.host.conn.run(pid_nss).stdout + assert pid_nss1 == pid_nss2 + + +@pytest.mark.importance("low") +@pytest.mark.ticket(bz=1779486) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_netgroup__background_refresh(client: Client, provider: GenericProvider): + """ + :title: Verify Netgroup Membership Updates in SSSD Cache After User Addition and Cache Expiry + :setup: + 1. Update SSSD configuration + 2. Restart SSSD + 3. Create a user and netgroup + 4. A second user is created and added to the netgroup + :steps: + 1. 
The getent command is used to retrieve the netgroup information and user is member of the netgroup + 2. Wait for 30 seconds to allow the cache to expire and be refreshed + 3. The ldbsearch command is used to query the SSSD cache database (cache_test.ldb) + to verify that second user is now part of the netgroup in the cache + :expectedresults: + 1. Retrieves the netgroup information and user is member of the netgroup + 2. Successfully wait + 3. Second user is now part of the netgroup in the cache + :customerscenario: True + """ + client.sssd.dom("test").update(entry_cache_timeout="10", refresh_expired_interval="5") + client.sssd.restart(clean=True) + user = provider.user("user-1").add() + netgroup = provider.netgroup("ng-1").add().add_member(user=user) + + result = client.tools.getent.netgroup(netgroup.name) + assert result is not None + assert result.members[0].user == "user-1" + + user2 = provider.user("user-2").add() + netgroup.add_member(user=user2.name) + + time.sleep(30) + + assert ( + user2.name + in client.host.conn.run( + "ldbsearch -H /var/lib/sss/db/cache_test.ldb " "-b cn=Netgroups,cn=test,cn=sysdb" + ).stdout + )
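Review bot: The liveness loop in `test_netgroup__nss_responder` is weaker than it reads: `pgrep %s` matches the pattern anywhere in the process name, so `pgrep sssd` succeeds as long as any `sssd_*` process is left, and the result is never asserted, so the check presumably relies on `conn.run` raising on a non-zero exit. Since this is the regression check for a responder crash, I would match exactly and make the expectation visible, e.g. `client.host.conn.run("pgrep -x %s" % proc)` with a short comment that a missing process fails the test. In `test_netgroup__background_refresh`, the final `ldbsearch` has no filter and the assertion is a substring test on the whole dump, so any cached netgroup entry containing `user-2` passes; restricting the search to `ng-1` would tie the assertion to the netgroup under test. The fixed `time.sleep(30)` also deserves a comment relating it to `entry_cache_timeout="10"` and `refresh_expired_interval="5"`.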