Testing IPA trust with AD and Samba
To test a setup with an IPA server and a trusted Active Directory or Samba domain, you can use the following topologies:
sssd_test_framework.topology.KnownTopologyGroup.IPATrust
(parametrized)
The topology provides the trusted fixture, which is a reference to the trusted domain role object (either AD or Samba). You can use the GenericADProvider generic class for parametrized tests.
@pytest.mark.topology(KnownTopologyGroup.IPATrust)
def test_trust__example(ipa: IPA, trusted: GenericADProvider):
    """Resolve a trusted-domain user through IPA before and after cache expiry.

    The trusted domain's ``administrator`` account is added to an IPA
    external group, which in turn is a member of a POSIX group. The user is
    looked up twice on the IPA host: once to populate the SSSD cache and
    once after the cached entry has been expired. Both lookups must report
    the POSIX group membership, and the trusted domain must still be
    reported as online afterwards.
    """
    username = trusted.fqn("administrator")

    def resolve_and_check():
        # One lookup of the trusted user, followed by the same three checks
        # in the same order every time it is called.
        lookup = ipa.tools.id(username)
        assert lookup is not None
        assert lookup.user.name == username
        assert lookup.memberof("posix-group")

    # The trusted user joins the external group; the external group is then
    # nested into a POSIX group with a fixed GID.
    external = (
        ipa.group("external-group")
        .add(external=True)
        .add_member(username)
    )
    posix_group = ipa.group("posix-group").add(gid=5001)
    posix_group.add_member(external)

    # Start SSSD from a clean state so nothing is served from an older cache.
    ipa.sssd.clear(db=True, memcache=True, logs=True)
    ipa.sssd.restart()

    # First lookup caches the trusted user.
    resolve_and_check()

    # Expiring the entry forces the next lookup to resolve the user again,
    # which triggers the affected code path.
    ipa.sssctl.cache_expire(user=username)
    resolve_and_check()

    # SSSD must not have gone offline for the trusted domain.
    status = ipa.sssctl.domain_status(trusted.domain, online=True)
    status_text = status.stdout.lower()
    assert "online status: offline" not in status_text
    assert "online status: online" in status_text