#50520 Issue: 48055 - CI test - automember_plugin(part1)
Opened 2 months ago by aborah. Modified 15 days ago
aborah/389-ds-base auto1_and_admin  into  master

@@ -0,0 +1,772 @@ 

+ # --- BEGIN COPYRIGHT BLOCK ---

+ # Copyright (C) 2019 Red Hat, Inc.

+ # All rights reserved.

+ #

+ # License: GPL (version 3 or any later version).

+ # See LICENSE for details.

+ # --- END COPYRIGHT BLOCK ---

+ 

+ """

+ Will test AutoMememer Plugin with AotoMember Task and Retro Changelog

+ """

+ 

+ import os

+ from lib389.topologies import topology_m1 as topo

+ from lib389.idm.organizationalunit import OrganizationalUnits

+ from lib389.idm.domain import Domain

+ from lib389.idm.posixgroup import PosixGroups

+ from lib389.plugins import AutoMembershipPlugin, AutoMembershipDefinitions, \

+     MemberOfPlugin, AutoMembershipRegexRules, AutoMembershipDefinition

+ from lib389.backend import Backends

+ from lib389.config import Config

+ from lib389._constants import DEFAULT_SUFFIX

+ from lib389.utils import ds_is_newer

+ import ldap

+ import pytest

+ from lib389.idm.group import Groups, Group, UniqueGroup, nsAdminGroups, nsAdminGroup

+ 

+ pytestmark = pytest.mark.tier1

+ 

+ BASE_SUFF = "dc=autoMembers,dc=com"

+ TEST_BASE = "dc=testAutoMembers,dc=com"

+ BASE_REPL = "dc=replAutoMembers,dc=com"

+ SUBSUFFIX = "dc=SubSuffix,{}".format(BASE_SUFF)

+ REPMANDN = "cn=ReplManager"

+ CACHE_SIZE = '-1'

+ CACHEMEM_SIZE = '10485760'

+ AUTO_MEM_SCOPE_TEST = "ou=Employees,{}".format(TEST_BASE)

+ AUTO_MEM_SCOPE_BASE = "ou=Employees,{}".format(BASE_SUFF)

+ 

+ 

+ def add_base_entries(topo):

+     """

+     Will create suffix

+     """

+     for suffix, backend_name in [(BASE_SUFF, 'AutoMembers'), (SUBSUFFIX, 'SubAutoMembers'),

+                                  (TEST_BASE, 'testAutoMembers'), (BASE_REPL, 'ReplAutoMembers'),

+                                  ("dc=SubSuffix,{}".format(BASE_REPL), 'ReplSubAutoMembers')]:

+         Backends(topo.ms["master1"]).create(properties={

+             'cn': backend_name,

+             'nsslapd-suffix': suffix,

+             'nsslapd-CACHE_SIZE': CACHE_SIZE,

+             'nsslapd-CACHEMEM_SIZE': CACHEMEM_SIZE})

+         Domain(topo.ms["master1"], suffix).create(properties={

+             'dc': suffix.split('=')[1].split(',')[0],

+             'aci': [

+                 f'(targetattr="userPassword")(version 3.0;aci  "Replication Manager '

+                 f'Access";allow (write,compare) userdn="ldap:///{REPMANDN},cn=config";)',

+                 f'(target ="ldap:///{suffix}")(targetattr !="cn||sn||uid") (version 3.0;'

+                 f'acl "Group Permission";allow (write) '

+                 f'(groupdn = "ldap:///cn=GroupMgr,{suffix}");)',

+                 f'(target ="ldap:///{suffix}")(targetattr !="userPassword")(version 3.0;acl '

+                 f'"Anonym-read access"; allow (read,search,compare)(userdn="ldap:///anyone");)'

+             ]

+         })

+     for suffix, ou_cn in [(BASE_SUFF, 'userGroups'),

+                           (BASE_SUFF, 'Employees'),

+                           (BASE_SUFF, 'TaskEmployees'),

+                           (TEST_BASE, 'Employees')]:

+         OrganizationalUnits(topo.ms["master1"], suffix).create(properties={'ou': ou_cn})

+ 

+ 

+ def add_user(topo, user_id, suffix, uid_no, gid_no, role_usr):

+     """

+     Will create entries with nsAdminGroups objectclass

+     """

+     user = nsAdminGroups(topo.ms["master1"], suffix, rdn=None).create(properties={

+         'cn': user_id,

+         'sn': user_id,

+         'uid': user_id,

+         'homeDirectory': '/home/{}'.format(user_id),

+         'loginShell': '/bin/bash',

+         'uidNumber': uid_no,

+         'gidNumber': gid_no,

+         'objectclass': ['top', 'person', 'posixaccount', 'inetuser',

+                         'nsMemberOf', 'nsAccount', 'nsAdminGroup'],

+         'nsAdminGroupName': role_usr,

+         'seeAlso': 'uid={},{}'.format(user_id, suffix),

+         'entrydn': 'uid={},{}'.format(user_id, suffix)

+     })

+     return user

+ 

+ 

+ def check_groups(topo, group_dn, user_dn, member):

+     """

+     Will check MEMBATTR

+     """

+     return bool(Group(topo.ms["master1"], group_dn).present(member, user_dn))

+ 

+ 

+ def add_group(topo, suffix, group_id):

+     """

+     Will create groups

+     """

+     Groups(topo.ms["master1"], suffix, rdn=None).create(properties={

+         'cn': group_id

+     })

+ 

+ 

+ def add_group_entries(topo):

+     """

+     Will create multiple entries needed for this test script

+     """

+     for suffix, group in [(SUBSUFFIX, 'subsuffGroups'),

+                           (SUBSUFFIX, 'Employees'),

+                           (TEST_BASE, 'testuserGroups'),

+                           ("dc=SubSuffix,{}".format(BASE_REPL), 'replsubGroups'),

+                           (BASE_REPL, 'replsubGroups')]:

+         add_group(topo, suffix, group)

+     for group_cn in ['SubDef1', 'SubDef2', 'SubDef3', 'SubDef4', 'SubDef5']:

+         add_group(topo, BASE_REPL, group_cn)

+     for user in ['Managers', 'Contractors', 'Interns', 'Visitors']:

+         add_group(topo, "cn=replsubGroups,{}".format(BASE_REPL), user)

+     for ou_ou, group_cn in [("ou=userGroups,{}".format(BASE_SUFF), 'SuffDef1'),

+                             ("ou=userGroups,{}".format(BASE_SUFF), 'SuffDef2'),

+                             ("ou=userGroups,{}".format(BASE_SUFF), 'SuffDef3'),

+                             ("ou=userGroups,{}".format(BASE_SUFF), 'SuffDef4'),

+                             ("ou=userGroups,{}".format(BASE_SUFF), 'SuffDef5'),

+                             ("ou=userGroups,{}".format(BASE_SUFF), 'Contractors'),

+                             ("ou=userGroups,{}".format(BASE_SUFF), 'Managers'),

+                             ("CN=testuserGroups,{}".format(TEST_BASE), 'TestDef1'),

+                             ("CN=testuserGroups,{}".format(TEST_BASE), 'TestDef2'),

+                             ("CN=testuserGroups,{}".format(TEST_BASE), 'TestDef3'),

+                             ("CN=testuserGroups,{}".format(TEST_BASE), 'TestDef4'),

+                             ("CN=testuserGroups,{}".format(TEST_BASE), 'TestDef5')]:

+         add_group(topo, ou_ou, group_cn)

+     for ou_ou, group_cn, grp_no in [(SUBSUFFIX, 'SubDef1', '111'),

+                                     (SUBSUFFIX, 'SubDef2', '222'),

+                                     (SUBSUFFIX, 'SubDef3', '333'),

+                                     (SUBSUFFIX, 'SubDef4', '444'),

+                                     (SUBSUFFIX, 'SubDef5', '555'),

+                                     ('cn=subsuffGroups,{}'.format(SUBSUFFIX),

+                                      'Managers', '666'),

+                                     ('cn=subsuffGroups,{}'.format(SUBSUFFIX),

+                                      'Contractors', '999')]:

+         PosixGroups(topo.ms["master1"], ou_ou, rdn=None).create(properties={

+             'cn': group_cn,

+             'gidNumber': grp_no

+         })

+ 

+ 

+ def add_member_attr(topo, group_dn, user_dn, member):

+     """

+     Will add members to groups

+     """

+     Group(topo.ms["master1"], group_dn).add(member, user_dn)

+ 

+ 

+ def change_grp_objclass(new_object, member, type_of):

+     """

+     Will change objectClass

+     """

+     try:

+         type_of.remove(member, None)

+     except ldap.NO_SUCH_ATTRIBUTE:

+         pass

+     type_of.ensure_state(properties={

+         'cn': type_of.get_attr_val_utf8('cn'),

+         'objectClass': ['top', 'nsMemberOf', new_object]

+     })

+ 

+ 

+ @pytest.fixture(scope="module")

+ def _create_all_entries(topo):

+     """

+     Fixture module that will create required entries for test cases.

+     """

+     add_base_entries(topo)

+     add_group_entries(topo)

+     auto = AutoMembershipPlugin(topo.ms["master1"])

+     auto.add("nsslapd-pluginConfigArea", "cn=autoMembersPlugin,{}".format(BASE_REPL))

+     MemberOfPlugin(topo.ms["master1"]).enable()

+     automembers_definitions = AutoMembershipDefinitions(topo.ms["master1"])

+     automembers_definitions.create(properties={

+         'cn': 'userGroups',

+         'autoMemberScope': f'ou=Employees,{BASE_SUFF}',

+         'autoMemberFilter': "objectclass=posixAccount",

+         'autoMemberDefaultGroup': [

+             f'cn=SuffDef1,ou=userGroups,{BASE_SUFF}',

+             f'cn=SuffDef2,ou=userGroups,{BASE_SUFF}',

+             f'cn=SuffDef3,ou=userGroups,{BASE_SUFF}',

+             f'cn=SuffDef4,ou=userGroups,{BASE_SUFF}',

+             f'cn=SuffDef5,ou=userGroups,{BASE_SUFF}'

+         ],

+         'autoMemberGroupingAttr': 'member:dn',

+     })

+ 

+     automembers_definitions.create(properties={

+         'cn': 'subsuffGroups',

+         'autoMemberScope': f'ou=Employees,{BASE_SUFF}',

+         'autoMemberFilter': "objectclass=posixAccount",

+         'autoMemberDefaultGroup': [

+             f'cn=SubDef1,dc=subSuffix,{BASE_SUFF}',

+             f'cn=SubDef2,dc=subSuffix,{BASE_SUFF}',

+             f'cn=SubDef3,dc=subSuffix,{BASE_SUFF}',

+             f'cn=SubDef4,dc=subSuffix,{BASE_SUFF}',

+             f'cn=SubDef5,dc=subSuffix,{BASE_SUFF}',

+         ],

+         'autoMemberGroupingAttr': 'memberuid:dn',

+     })

+ 

+     automembers_regex_usergroup = AutoMembershipRegexRules(topo.ms["master1"],

+                                                            f'cn=userGroups,{auto.dn}')

+     automembers_regex_usergroup.create(properties={

+         'cn': 'Managers',

+         'description': f'Group placement for Managers',

+         'autoMemberTargetGroup': [f'cn=Managers,ou=userGroups,{BASE_SUFF}'],

+         'autoMemberInclusiveRegex': [

+             "gidNumber=^9",

+             "nsAdminGroupName=^Manager",

+         ],

+         "autoMemberExclusiveRegex": [

+             "gidNumber=^[6-8]",

+             "nsAdminGroupName=^Junior$",

+         ],

+     })

+ 

+     automembers_regex_usergroup.create(properties={

+         'cn': 'Contractors',

+         'description': f'Group placement for Contractors',

+         'autoMemberTargetGroup': [f'cn=Contractors,ou=userGroups,{BASE_SUFF}'],

+         'autoMemberInclusiveRegex': [

+             "gidNumber=^1",

+             "nsAdminGroupName=Contractor",

+         ],

+         "autoMemberExclusiveRegex": [

+             "gidNumber=^[2-4]",

+             "nsAdminGroupName=^Employee$",

+         ],

+     })

+ 

+     automembers_regex_sub = AutoMembershipRegexRules(topo.ms["master1"],

+                                                      f'cn=subsuffGroups,{auto.dn}')

+     automembers_regex_sub.create(properties={

+         'cn': 'Managers',

+         'description': f'Group placement for Managers',

+         'autoMemberTargetGroup': [f'cn=Managers,cn=subsuffGroups,dc=subSuffix,{BASE_SUFF}'],

+         'autoMemberInclusiveRegex': [

+             "gidNumber=^[1-4]..3$",

+             "uidNumber=^5.5$",

+             "nsAdminGroupName=^Manager$|^Supervisor$",

+         ],

+         "autoMemberExclusiveRegex": [

+             "gidNumber=^[6-8].0$",

+             "uidNumber=^999$",

+             "nsAdminGroupName=^Junior$",

+         ],

+     })

+ 

+     automembers_regex_sub.create(properties={

+         'cn': 'Contractors',

+         'description': f'Group placement for Contractors',

+         'autoMemberTargetGroup': [f'cn=Contractors,cn=subsuffGroups,dc=SubSuffix,{BASE_SUFF}'],

+         'autoMemberInclusiveRegex': [

+             "gidNumber=^[5-9].3$",

+             "uidNumber=^8..5$",

+             "nsAdminGroupName=^Contract|^Temporary$",

+         ],

+         "autoMemberExclusiveRegex": [

+             "gidNumber=^[2-4]00$",

+             "uidNumber=^[1,3,8]99$",

+             "nsAdminGroupName=^Employee$",

+         ],

+     })

+     for cn_name, ou_name in [('testuserGroups', 'Employees'), ('hostGroups', 'HostEntries')]:

+         automembers_definitions.create(properties={

+             'cn': cn_name,

+             'autoMemberScope': f'ou={ou_name},dc=testautoMembers,dc=com',

+             'autoMemberFilter': "objectclass=posixAccount",

+             'autoMemberDefaultGroup': [

+                 f'cn=TestDef1,cn={cn_name},dc=testautoMembers,dc=com',

+                 f'cn=TestDef2,cn={cn_name},dc=testautoMembers,dc=com',

+                 f'cn=TestDef3,cn={cn_name},dc=testautoMembers,dc=com',

+                 f'cn=TestDef4,cn={cn_name},dc=testautoMembers,dc=com',

+                 f'cn=TestDef5,cn={cn_name},dc=testautoMembers,dc=com',

+             ],

+             'autoMemberGroupingAttr': 'member:dn',

+         })

+ 

+     topo.ms["master1"].restart()

+ 

+ 

+ def test_disable_the_plug_in(topo, _create_all_entries):

+     """Plug-in and check the status

+     :id: 4feee76c-e7ff-11e8-836e-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Disable the plug-in and check the status

+         2. Enable the plug-in and check the status

+     :expected results:

+         1. Should success

+         2. Should success

+     """

+     instance_auto = AutoMembershipPlugin(topo.ms["master1"])

+     instance_auto.disable()

+     assert not instance_auto.status()

+     instance_auto.enable()

+     assert instance_auto.status()

+ 

+ 

+ def test_custom_config_area(topo, _create_all_entries):

+     """Custom config area

+     :id: 4fefb8cc-e7ff-11e8-92fd-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Check whether the plugin can be configured for custom config area

+         2. After adding custom config area can be removed

+     :expected results:

+         1. Should success

+         2. Should success

+     """

+     instance_auto = AutoMembershipPlugin(topo.ms["master1"])

+     instance_auto.replace("nsslapd-pluginConfigArea", DEFAULT_SUFFIX)

+     assert instance_auto.get_attr_val_utf8("nsslapd-pluginConfigArea")

+     instance_auto.remove("nsslapd-pluginConfigArea", DEFAULT_SUFFIX)

+     assert not instance_auto.get_attr_val_utf8("nsslapd-pluginConfigArea")

+ 

+ 

+ @pytest.mark.bz834053

+ def test_ability_to_control_behavior_of_modifiers_name(topo, _create_all_entries):

+     """

+     :id: 4ff16370-e7ff-11e8-838d-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Turn on 'nsslapd-plugin-binddn-tracking'

+         2. Add an user

+         3. Check the creatorsname in the user entry

+         4. Check the internalCreatorsname in the user entry

+         5. Check the modifiersname in the user entry

+         6. Check the internalModifiersname in the user entry

+         7. Unset nsslapd-plugin-binddn-tracking attribute under

+         cn=config and delete the test enteries

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+         4. Should success

+         5. Should success

+         6. Should success

+         7. Should success

+     """

+     instance1 = topo.ms["master1"]

+     configure = Config(instance1)

+     configure.replace('nsslapd-plugin-binddn-tracking', 'on')

+     instance1.restart()

+     assert configure.get_attr_val_utf8('nsslapd-plugin-binddn-tracking') == 'on'

+     user = add_user(topo, "User_autoMembers_05", "ou=Employees,{}".format(TEST_BASE),

+                     "19", "18", "Supervisor")

+     # search the User DN name for the creatorsname in user entry

+     assert user.get_attr_val_utf8('creatorsname') == 'cn=directory manager'

+     # search the User DN name for the internalCreatorsname in user entry

+     assert user.get_attr_val_utf8('internalCreatorsname') == \

+            'cn=ldbm database,cn=plugins,cn=config'

+     # search the modifiersname in the user entry

+     assert user.get_attr_val_utf8('modifiersname') == 'cn=directory manager'

+     # search the internalModifiersname in the user entry

+     assert user.get_attr_val_utf8('internalModifiersname') == \

+            'cn=MemberOf Plugin,cn=plugins,cn=config'

+     # unset nsslapd-plugin-binddn-tracking attribute

+     configure.replace('nsslapd-plugin-binddn-tracking', 'off')

+     instance1.restart()

+     # deleting test enteries of automember05 test case

+     user.delete()

+ 

+ 

+ def test_posixaccount_objectclass_automemberdefaultgroup(topo, _create_all_entries):

+     """Verify the PosixAccount user

+     :id: 4ff0f642-e7ff-11e8-ac88-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Add users with PosixAccount ObjectClass

+         2. Verify the same user added as a member to autoMemberDefaultGroup

+     :expected results:

+         1. Should success

+         2. Should success

+     """

+     test_id = "autoMembers_05"

+     default_group = "cn=TestDef1,CN=testuserGroups,{}".format(TEST_BASE)

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_TEST, "19", "18", "Supervisor")

+     assert check_groups(topo, default_group, user.dn, "member")

+     user.delete()

+     with pytest.raises(AssertionError):

+         assert check_groups(topo, default_group, user.dn, "member")

+ 

+ 

+ def test_duplicated_member_attributes_added_when_the_entry_is_re_created(topo, _create_all_entries):

+     """Checking whether duplicated member attributes added when the entry is re-created

+     :id: 4ff2afaa-e7ff-11e8-8a92-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Create a user

+         2. It should present as member in all automember groups

+         3. Delete use

+         4. It should not present as member in all automember groups

+         5. Recreate same user

+         6. It should present as member in all automember groups

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+         4. Should success

+         5. Should success

+         6. Should success

+     """

+     test_id = "autoMembers_06"

+     default_group = "cn=TestDef1,CN=testuserGroups,{}".format(TEST_BASE)

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_TEST, "19", "16", "Supervisor")

+     assert check_groups(topo, default_group, user.dn, "member")

+     user.delete()

+     with pytest.raises(AssertionError):

+         assert check_groups(topo, default_group, user.dn, "member")

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_TEST, "19", "15", "Supervisor")

+     assert check_groups(topo, default_group, user.dn, "member")

+     user.delete()

+ 

+ 

+ def test_multi_valued_automemberdefaultgroup_for_hostgroups(topo, _create_all_entries):

+     """Multi-valued autoMemberDefaultGroup

+     :id: 4ff32a02-e7ff-11e8-99a1-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Create a user

+         2. Check user is present in all Automember Groups as member

+         3. Delete the user

+         4. Check user is not present in all Automember Groups

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+         4. Should success

+     """

+     test_id = "autoMembers_07"

+     default_group1 = "cn=TestDef1,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group2 = "cn=TestDef2,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group3 = "cn=TestDef3,CN=testuserGroups,{}".format(TEST_BASE)

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_TEST, "19", "14", "TestEngr")

+     for grp in [default_group1, default_group2, default_group3]:

+         assert check_groups(topo, grp, user.dn, "member")

+     user.delete()

+     with pytest.raises(AssertionError):

+         assert check_groups(topo, default_group1, user.dn, "member")

+ 

+ 

+ def test_plugin_creates_member_attributes_of_the_automemberdefaultgroup(topo, _create_all_entries):

+     """Checking whether plugin creates member attributes if it already

+         exists for some of the autoMemberDefaultGroup

+     :id: 4ff3ba76-e7ff-11e8-9846-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Add a non existing user to some groups as member

+         2. Then Create the user

+         3. Check the same user is present to other groups also as member

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+     """

+     test_id = "autoMembers_08"

+     default_group1 = "cn=TestDef1,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group2 = "cn=TestDef5,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group3 = "cn=TestDef3,CN=testuserGroups,{}".format(TEST_BASE)

+     add_member_attr(topo,

+                     "cn=TestDef2,CN=testuserGroups,{}".format(TEST_BASE),

+                     "uid=User_{},{}".format(test_id, AUTO_MEM_SCOPE_TEST), "member")

+     add_member_attr(topo,

+                     "cn=TestDef4,CN=testuserGroups,{}".format(TEST_BASE),

+                     "uid=User_{},{}".format(test_id, AUTO_MEM_SCOPE_TEST), "member")

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_TEST, "19", "14", "TestEngr")

+     for grp in [default_group1, default_group2, default_group3]:

+         assert check_groups(topo, grp, user.dn, "member")

+     user.delete()

+ 

+ 

+ def test_multi_valued_automemberdefaultgroup_with_uniquemember(topo, _create_all_entries):

+     """Multi-valued autoMemberDefaultGroup with uniquemember attributes

+     :id: 4ff4461c-e7ff-11e8-8124-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Modify automember config entry to use uniquemember

+         2. Change object class for all groups which is used for  automember grouping

+         3. Add user uniquemember attributes

+         4. Check uniqueMember attribute in groups

+         5. Revert the changes done above

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+         4. Should success

+         5. Should success

+     """

+     test_id = "autoMembers_09"

+     instance = topo.ms["master1"]

+     auto = AutoMembershipPlugin(topo.ms["master1"])

+     # Modify automember config entry to use uniquemember: cn=testuserGroups,PLUGIN_AUTO

+     AutoMembershipDefinition(

+         instance, "cn=testuserGroups,{}".format(auto.dn)).replace('autoMemberGroupingAttr',

+                                                                   "uniquemember: dn")

+     instance.restart()

+     default_group1 = "cn=TestDef1,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group2 = "cn=TestDef2,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group3 = "cn=TestDef3,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group4 = "cn=TestDef4,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group5 = "cn=TestDef5,CN=testuserGroups,{}".format(TEST_BASE)

+     for grp in (default_group1, default_group2, default_group3, default_group4, default_group5):

+         instance_of_group = Group(topo.ms["master1"], grp)

+         change_grp_objclass("groupOfUniqueNames", "member", instance_of_group)

+     # Add user: uid=User_{test_id}, AutoMemScope

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_TEST, "19", "14", "New")

+     # Checking groups...

+     assert user.dn.lower() in UniqueGroup(topo.ms["master1"],

+                                           default_group1).get_attr_val_utf8("uniqueMember")

+     # Delete user uid=User_{test_id},AutoMemScope

+     user.delete()

+     # Change the automember config back to using \"member\"

+     AutoMembershipDefinition(

+         instance, "cn=testuserGroups,{}".format(auto.dn)).replace('autoMemberGroupingAttr',

+                                                                   "member: dn")

+     for grp in [default_group1, default_group2, default_group3, default_group4, default_group5]:

+         instance_of_group = UniqueGroup(topo.ms["master1"], grp)

+         change_grp_objclass("groupOfNames", "uniquemember", instance_of_group)

+     topo.ms["master1"].restart()

+ 

+ 

+ def test_invalid_automembergroupingattr_member(topo, _create_all_entries):

+     """Invalid autoMemberGroupingAttr-member

+     :id: 4ff4b598-e7ff-11e8-a3a3-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Change object class for one group which is used for  automember grouping

+         2. Try to add user with invalid parameter

+         3. Check member attribute on other groups

+         4. Check member attribute on group where object class was changed

+         5. Revert the object class where it was changed

+     :expected results:

+         1. Should success

+         2. Should fail (ldap.UNWILLING_TO_PERFORM)

+         3. Should success

+         4. Should fail (AssertionError)

+         5. Should success

+     """

+     test_id = "autoMembers_10"

+     default_group = "cn=TestDef1,CN=testuserGroups,{}".format(TEST_BASE)

+     instance_of_group = Group(topo.ms["master1"], default_group)

+     change_grp_objclass("groupOfUniqueNames", "member", instance_of_group)

+     with pytest.raises(ldap.UNWILLING_TO_PERFORM):

+         add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_TEST, "19", "20", "Invalid")

+     with pytest.raises(AssertionError):

+         assert check_groups(topo, default_group,

+                             "uid=User_{},{}".format(test_id, AUTO_MEM_SCOPE_TEST), "member")

+     change_grp_objclass("groupOfNames", "uniquemember", instance_of_group)

+ 

+ 

+ @pytest.mark.xfail(ds_is_newer('1.4.0.191'), reason="It may be a regression",

+                    run=True, raises=None, strict=False)

+ def test_valid_and_invalid_automembergroupingattr(topo, _create_all_entries):

+     """Valid and invalid autoMemberGroupingAttr

+     :id: 4ff4fad0-e7ff-11e8-9cbd-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Change object class for some groups which is used for  automember grouping

+         2. Try to add user with invalid parameter

+         3. Check member attribute on other groups

+         4. Check member attribute on groups where object class was changed

+         5. Revert the object class where it was changed

+     :expected results:

+         1. Should success

+         2. Should fail (ldap.UNWILLING_TO_PERFORM)

+         3. Should success

+         4. Should fail (AssertionError)

+         5. Should success

+     """

+     test_id = "autoMembers_11"

+     default_group_1 = "cn=TestDef1,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group_2 = "cn=TestDef2,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group_3 = "cn=TestDef3,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group_4 = "cn=TestDef4,CN=testuserGroups,{}".format(TEST_BASE)

+     default_group_5 = "cn=TestDef5,CN=testuserGroups,{}".format(TEST_BASE)

+     grp_4_5 = [default_group_4, default_group_5]

+     for grp in grp_4_5:

+         instance_of_group = Group(topo.ms["master1"], grp)

+         change_grp_objclass("groupOfUniqueNames", "member", instance_of_group)

+     with pytest.raises(ldap.UNWILLING_TO_PERFORM):

+         add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_TEST, "19", "24", "MixUsers")

+     for grp in [default_group_1, default_group_2, default_group_3]:

+         assert check_groups(topo, grp, "cn=User_{},{}".format(test_id,

+                                                               AUTO_MEM_SCOPE_TEST), "member")

+     for grp in grp_4_5:

+         with pytest.raises(AssertionError):

+             assert check_groups(topo, grp, "cn=User_{},{}".format(test_id,

+                                                                   AUTO_MEM_SCOPE_TEST), "member")

+     for grp in grp_4_5:

+         instance_of_group = Group(topo.ms["master1"], grp)

+         change_grp_objclass("groupOfNames", "uniquemember", instance_of_group)

+ 

+ 

+ def test_add_regular_expressions_for_user_groups_and_check_for_member_attribute_after_adding_users(

+         topo, _create_all_entries):

+     """Regular expressions for user groups

+     :id: 4ff53fc2-e7ff-11e8-9a18-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Add user with a match with regular expressions for user groups

+         2. check for member attribute after adding users

+     :expected results:

+         1. Should success

+         2. Should success

+     """

+     test_id = "autoMembers_12"

+     default_group = "cn=SuffDef1,ou=userGroups,{}".format(BASE_SUFF)

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_BASE, "19", "0", "HR")

+     assert check_groups(topo, default_group, user.dn, "member")

+     assert len(nsAdminGroup(topo.ms["master1"], user.dn).get_attr_vals_utf8('memberOf')) == 5

+     user.delete()

+ 

+ 

+ def test_users_with_gid_nos_matching_the_inclusive_regular_expression(topo, _create_all_entries):

+     """Inclusive regular expression

+     :id: 4ff58004-e7ff-11e8-9ca5-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Create users with gid nos matching the Inclusive regular expression

+         2. User will be filtered with gid number(9788 and 9392) and nsAdminGroupName("VPEngg")

+         3. It will be a match for managers_grp

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+     """

+     test_id = "autoMembers_13"

+     managers_grp = "cn=Managers,ou=userGroups,{}".format(BASE_SUFF)

+     user1 = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_BASE, "9788", "9789", "VPEngg")

+     user2 = add_user(topo, "SecondUser_{}".format(test_id),

+                      AUTO_MEM_SCOPE_BASE, "9392", "9393", "VPEngg")

+     for user_dn in [user1.dn, user2.dn]:

+         assert check_groups(topo, managers_grp, user_dn, "member")

+     for user in (user1, user2):

+         user.delete()

+ 

+ 

+ def test_users_with_manager_role_matching_inclusive_regular_expression(topo, _create_all_entries):

+     """Manager role matching the Inclusive regular expression

+     :id: 4ff5b466-e7ff-11e8-99f2-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Create users with Manager role matching the Inclusive regular expression

+         2. User will be filtered with gid number(561 and 562) and nsAdminGroupName("Manager")

+         3. It will be a match for managers_grp

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+     """

+     test_id = "autoMembers_14"

+     managers_grp = "cn=Managers,ou=userGroups,{}".format(BASE_SUFF)

+     user1 = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_BASE, "561", "562", "Manager")

+     user2 = add_user(topo, "SecondUser_{}".format(test_id),

+                      AUTO_MEM_SCOPE_BASE, "562", "563", "Manager")

+     for user in [user1, user2]:

+         assert check_groups(topo, managers_grp, user.dn, "member")

+     for user in (user1, user2):

+         user.delete()

+ 

+ 

+ def test_users_with_matching_gidrole_for_inclusive_regular_expression(topo, _create_all_entries):

+     """For the Inclusive regular expression

+     :id: 4ff5e8e6-e7ff-11e8-bdd4-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Create users with matching gid nos and Role for the Inclusive regular expression

+         2. Users will be filtered with gid number(9291 and 9288) and nsAdminGroupName("Manager")

+         3. It will be a match for managers_grp

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+     """

+     test_id = "autoMembers_15"

+     managers_grp = "cn=Managers,ou=userGroups,{}".format(BASE_SUFF)

+     user1 = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_BASE,

+                      "9288", "9289", "Manager")

+     user2 = add_user(topo, "SecondUser_{}".format(test_id),

+                      AUTO_MEM_SCOPE_BASE, "9291", "9292", "Manager")

+     for user_dn in [user1.dn, user2.dn]:

+         assert check_groups(topo, managers_grp, user_dn, "member")

+     for user in (user1, user2):

+         user.delete()

+ 

+ 

+ def test_users_with_gid_nos_matching_the_exclusive_regular_expression(topo, _create_all_entries):

+     """Matching the Exclusive regular expression

+     :id: 4ff61e60-e7ff-11e8-8859-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Create User with gid nos matching the Exclusive regular expression

+         2. User will be filtered with gid number(6788) and nsAdminGroupName("Manager")

+         3. It will a match for default_groups(5) but not for managers_grp

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+     """

+     test_id = "autoMembers_16"

+     managers_grp = "cn=Managers,ou=userGroups,{}".format(BASE_SUFF)

+     default_group = "cn=SuffDef1,ou=userGroups,{}".format(BASE_SUFF)

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_BASE, "6788", "6789", "Manager")

+     with pytest.raises(AssertionError):

+         assert check_groups(topo, managers_grp, user.dn, "member")

+     assert check_groups(topo, default_group, user.dn, "member")

+     assert len(nsAdminGroup(topo.ms["master1"], user.dn).get_attr_vals_utf8('memberOf')) == 5

+     user.delete()

+ 

+ 

+ def test_users_junior_role_matching_the_exclusive_regular_expression(topo, _create_all_entries):

+     """Junior role matching the Exclusive regular expression

+     :id: 4ff64e44-e7ff-11e8-a25c-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Create User with Junior role matching the Exclusive regular expression

+         2. User will be filtered with gidNumber(562) and nsAdminGroupName("Junior")

+         3. It will a match for default_groups(5) but not for managers_grp

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+     """

+     test_id = "autoMembers_17"

+     managers_grp = "cn=Managers,ou=userGroups,{}".format(BASE_SUFF)

+     default_group = "cn=SuffDef1,ou=userGroups,{}".format(BASE_SUFF)

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_BASE, "562", "563", "Junior")

+     with pytest.raises(AssertionError):

+         assert check_groups(topo, managers_grp, user.dn, "member")

+     assert check_groups(topo, default_group, user.dn, "member")

+     assert len(nsAdminGroup(topo.ms["master1"], user.dn).get_attr_vals_utf8('memberOf')) == 5

+     user.delete()

+ 

+ 

+ def test_users_with_matching_gid_role_for_the_exclusive_regex_expression(topo, _create_all_entries):

+     """Matching gid nos and Role

+     :id: 4ff67950-e7ff-11e8-931f-8c16451d917b

+     :setup: Instance with replication

+     :steps:

+         1. Create user with matching gid nos that matches Exclusive regular expression

+         2. It will be filtered with gidNumber(6788) and nsAdminGroupName(Junior)

+         3. It will a match for default_groups(5) but not for managers_grp

+     :expected results:

+         1. Should success

+         2. Should success

+         3. Should success

+     """

+     test_id = "autoMembers_18"

+     managers_grp = "cn=Managers,ou=userGroups,{}".format(BASE_SUFF)

+     default_group = "cn=SuffDef1,ou=userGroups,{}".format(BASE_SUFF)

+     user = add_user(topo, "User_{}".format(test_id), AUTO_MEM_SCOPE_BASE, "6788", "6789", "Junior")

+     with pytest.raises(AssertionError):

+         assert check_groups(topo, managers_grp, user.dn, "member")

+     assert check_groups(topo, default_group, user.dn, "member")

+     assert len(nsAdminGroup(topo.ms["master1"], user.dn).get_attr_vals_utf8('memberOf')) == 5

+     user.delete()

+ 

+ 

+ if __name__ == "__main__":

+     CURRENT_FILE = os.path.realpath(__file__)

+     pytest.main("-s -v %s" % CURRENT_FILE)

@@ -143,5 +143,60 @@ 

              self._basedn = '{},{}'.format(ensure_str(rdn), ensure_str(basedn))

  

  

+ class nsAdminGroup(DSLdapObject):

+     """A single instance of User nsAdminGroup entry

  

+     :param instance: An instance

+     :type instance: lib389.DirSrv

+     :param dn: Entry DN

+     :type dn: str

+     """

+ 

+     def __init__(self, instance, dn=None):

+         super(nsAdminGroup, self).__init__(instance, dn)

+         self._rdn_attribute = RDN

+         self._must_attributes = MUST_ATTRIBUTES

+         self._create_objectclasses = [

+             'top',

+             'nsAdminGroup'

+         ]

+         if ds_is_older('1.3.7'):

+             self._create_objectclasses.append('inetUser')

+         else:

+             self._create_objectclasses.append('nsMemberOf')

+         if not ds_is_older('1.4.0'):

+             self._create_objectclasses.append('nsAccount')

+         user_compare_exclude = [

+             'nsUniqueId',

+             'modifyTimestamp',

+             'createTimestamp',

+             'entrydn'

+         ]

+         self._compare_exclude = self._compare_exclude + user_compare_exclude

+         self._protected = False

+ 

+ 

+ class nsAdminGroups(DSLdapObjects):

+     """DSLdapObjects that represents all nsAdminGroups entries in suffix.

+     By default it uses 'ou=People' as rdn.

+ 

+     :param instance: An instance

+     :type instance: lib389.DirSrv

+     :param basedn: Suffix DN

+     :type basedn: str

+     :param rdn: The DN that will be combined wit basedn

+     :type rdn: str

+     """

+ 

+     def __init__(self, instance, basedn, rdn='ou=People'):

+         super(nsAdminGroups, self).__init__(instance)

+         self._objectclasses = [

+             'nsAdminGroup'

+         ]

+         self._filterattrs = [RDN]

+         self._childobject = nsAdminGroup

+         if rdn is None:

+             self._basedn = basedn

+         else:

+             self._basedn = '{},{}'.format(rdn, basedn)

  

CI test - automember_plugin(part1) and add nsAdminGroup

Relates: https://pagure.io/389-ds-base/issue/48055
Fixes: https://pagure.io/389-ds-base/issue/50515

Author: aborah

Reviewed by: ???

rebased onto c03ebe5811e5c0055d1e999b3f76cecb65e6dbd4

2 months ago

rebased onto 7c75b8f3d46c5e39ba22d6d4360796b608ba814b

2 months ago

rebased onto 2f013ee10db2f3d35f992567b4d4a42cc20dfa18

2 months ago

rebased onto ebee6e2

2 months ago

rebased onto a00e7f284f5b0ba660a56c2899d82bee78e39bdf

a month ago

rebased onto 6ea4f155cbbadfebc75e4396748966925d1c4201

a month ago

rebased onto 23635feeca04d5977c6f7738328f155f689072d1

a month ago

rebased onto 5b173a9

a month ago

Fails for me here. F30 with 389-ds-base built from your PR branch

py.test-3 --pylint reports a lot of warnings. Please, check it

I think it should be Accounts instead of DSLdapObjects

Either it should be transformed to the common case for the admin group (utilizing all attributes in a proper way).
Either it should be removed because creating this kind of account is a special case and I'd rather have it in the test suite code for the better visibility.

These three objectclasses are not related to the pure AdminGroup entry.

Please, avoid names like this: autoMembers_from_tet_test.py

The name should indicate the cause of why the test cases are in this test suite together

Please, remove this function and use certain objects for creating proper entries. Like Groups, etc.

suff -> suffix (please, try to avoid word shortenning)
attr -> backend_name

You named it autouserGroups, etc. So why do you create generic OrganizationalUnits instead?

We have DSLdapObject.preset() method. It is better and more transparent to use it

I am not sure why you need this but you can use DSLdapObject.ensure_state() here

What is the second step? I think the function name is misleading

You name it the same everywhere automembers. It is confusing...

We usually name topology.standalone as instance. So it's a bit confusing

You already has marked it as bz834053. So the name should reflect the issue the test case checks

You reuse Config(instance1) a few times, why not assign it to a variable?

It is unclear what you test here... You can add some verb to the name, it'll help probably...

Why not just iterate here? Maybe even through a range() function.

In many test cases, you have only one step but the actual content has 3+ steps. I think the docstring should reflect the main actions at least (no need for overdoing it though)

Fails for me here. F30 with 389-ds-base built from your PR branch

None of the test case failed for me . Please discuss this with viktor as some test cases were failing for him also , but for me non of the test cases failed

1 new commit added

  • Fixing Simon's comments
23 days ago

Please, avoid names like this: autoMembers_from_tet_test.py
The name should indicate the cause of why the test cases are in this test suite together

I have renamed it as autoMembers_task_retro_chlog_test.py as this script will contain automemtask and retro changelog test cases , which i will add on the top of the same file , with my next PR

@spichugi all changes are done as per your suggestion

Please, go once again through the list of my concerns and check if everything is implemented... Or reply why you haven't implemented it...

These three objectclasses are not related to the pure AdminGroup entry.

I need to create entries as: http://git.app.eng.bos.redhat.com/git/dirsrv-tests.git/tree/Shared/DS/6.0/sh/appstates.sh

AddUsers()

objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: nsAdminGroup
objectClass: inetuser

Thats why i have included those objectClass

rebased onto 556e53d

22 days ago

rebased onto d4239f6

22 days ago

1 new commit added

  • Fixing Simon's comments
22 days ago

2 new commits added

  • Fixing Simon's comments
  • Issue: 48055 - CI test - automember_plugin(part1)
22 days ago

2 new commits added

  • Fixing Simon's comments
  • Issue: 48055 - CI test - automember_plugin(part1)
22 days ago
  1. Fails for me here. F30 with 389-ds-base built from your PR branch --- replied
  2. py.test-3 --pylint reports a lot of warnings. Please, check it --- done(Ignored- Redefining, Invalid function name)
  3. I think it should be Accounts instead of DSLdapObjects -- done
  4. Either it should be transformed to the common case for the admin group (utilizing all attributes in a proper way).
    Either it should be removed because creating this kind of account is a special case and I'd rather have it in the test suite code for the better visibility. --- removed
  5. These three objectclasses are not related to the pure AdminGroup entry. -- replied
  6. Please, avoid names like this: autoMembers_from_tet_test.py --- renamed and replied
  7. We have AutoMembershipPlugin object for that --- removed and implmented
  8. Please, remove this function and use certain objects for creating proper entries. Like Groups, etc. -- removed and implmented
  9. suff -> suffix (please, try to avoid word shortenning) -- implmented
  10. It is created automatically during backend.create --- removed and implmented
  11. You named it autouserGroups, etc. So why do you create generic OrganizationalUnits instead? --- As we have different backends we need thes generic OUs to create AutoMembershipRegexRules and for other stuff
  12. You create only one user here -- corrected and implmented
  13. We have DSLdapObject.preset() method. It is better and more transparent to use it -- implmented
  14. Only one group is added -- corrected and implmented
  15. I am not sure why you need this but you can use DSLdapObject.ensure_state() here --- implmented ,we need it , please check test_multi_valued_automemberdefaultgroup_with_uniquemember , test_invalid_automembergroupingattr_member etc
  16. What is the second step? I think the function name is misleading -- corrected and renamed
  17. You name it the same everywhere automembers. It is confusing... -- corrected and renamed
  18. Could be done in a for loop with only two arguments -- corrected and implmented
  19. We usually name topology.standalone as instance. So it's a bit confusing -- corrected and implmented
  20. You already has marked it as bz834053. So the name should reflect the issue the test case checks -- corrected and implmented
  21. You reuse Config(instance1) a few times, why not assign it to a variable? -- implmented
  22. It is unclear what you test here... You can add some verb to the name, it'll help probably... --- corrected and implmented
  23. Why not just iterate here? Maybe even through a range() function. --- corrected and implmented
  24. In many test cases, you have only one step but the actual content has 3+ steps. I think the docstring should reflect the main actions at least (no need for overdoing it though) --- Done
  25. Please, go once again through the list of my concerns and check if everything is implemented... Or reply why you haven't implemented it... --- Done

2 new commits added

  • Fixing Simon's comments
  • Issue: 48055 - CI test - automember_plugin(part1)
21 days ago

Fails for me here. F30 with 389-ds-base built from your PR branch --- replied

Try this Vagrant file - https://paste.fedoraproject.org/paste/xTJUfS10bNqF9QTQaNExgQ
It produces a pretty clean env.

py.test-3 --pylint reports a lot of warnings. Please, check it --- done(Ignored- Redefining, Invalid function name)

C:  1, 0: Module name "autoMembers_task_retro_chlog_test" doesn't conform to snake_case naming style (invalid-name)

Also, I think the naming is completely misleading:
autoMembers - the test suite name already has the word. task and retro_chlog are not the only things there. You test the basic functionality so I think it should be basic or acceptance.

W: 61,16: Duplicate string formatting argument 'suffix', consider passing as named argument (duplicate-string-formatting-argument)

Still present.

These three objectclasses are not related to the pure AdminGroup entry. -- replied

Then the objectclasses should be created additionally if they are needed for you test case.
In general, AdminGroup doesn't need it.

I am not sure why you need this but you can use DSLdapObject.ensure_state() here --- implmented ,we need it , please check
test_multi_valued_automemberdefaultgroup_with_uniquemember , test_invalid_automembergroupingattr_member etc

Could you please explain the logic why we need to add the object classes exactly at that point and not at the beginning while creating the group?
Probably, I miss something...

I think it is more natural to return a boolean here and then assert in the test case if group_is_present

What is the change here? It will confuse git history

Just noticed and I don't understand why you add nsAdminGroup under user.py.
Probably should be in group.py

1 new commit added

  • Fixing Simon's comments 2
20 days ago

3 new commits added

  • Fixing Simon's comments 2
  • Fixing Simon's comments
  • Issue: 48055 - CI test - automember_plugin(part1)
20 days ago

Just noticed and I don't understand why you add nsAdminGroup under user.py.
Probably should be in group.py

Yes , i was also thinking like that , moved to group.y

What is the change here? It will confuse git history

Gone

I think it is more natural to return a boolean here and then assert in the test case if group_is_present

Done

Try this Vagrant file - https://paste.fedoraproject.org/paste/xTJUfS10bNqF9QTQaNExgQ
It produces a pretty clean env.

Now its should not fail

C: 1, 0: Module name "autoMembers_task_retro_chlog_test" doesn't conform to snake_case naming style (invalid-name)

Gone now

Also, I think the naming is completely misleading:
autoMembers - the test suite name already has the word. task and retro_chlog are not the only things there. You test the basic functionality so I think it should be basic or acceptance.

renamed to basic_test.py

W: 61,16: Duplicate string formatting argument 'suffix', consider passing as named argument (duplicate-string-formatting-argument)

Gone

Still present.

Then the objectclasses should be created additionally if they are needed for you test case.
In general, AdminGroup doesn't need it.

Done

I am not sure why you need this but you can use DSLdapObject.ensure_state() here --- implmented ,we need it , please check
test_multi_valued_automemberdefaultgroup_with_uniquemember , test_invalid_automembergroupingattr_member etc

Could you please explain the logic why we need to add the object classes exactly at that point and not at the beginning while creating the group?
Probably, I miss something...

we have created AutoMembershipDefinition with autoMemberGroupingAttr: groupOfNames (comes from Group type)
now in the test we are changing AutoMembershipDefinition(autoMemberGroupingAttr) with autoMemberGroupingAttr: uniquemember (comes from UniqueGroup type) with existing autoMemberGrouping. newly created user should be added to same host group as uniqueMember and verse versa . Its was just as sigle example.

Please check the main script
http://git.app.eng.bos.redhat.com/git/dirsrv-tests.git/tree/testcases/DS/6.0/autoMembers/autoMembers.sh

autoMembers_09, autoMembers_10 etc

Why it is commented out and the next line is there?..

py.test-3 --pylint reports some warnings. Please, check it

Still fails here. Have you checked with a clean install from my Vagrantfile?

Still fails here. Have you checked with a clean install from my Vagrantfile?

test_valid_and_invalid_automembergroupingattr fails after 7096094
What test is doing is it changes the objectClass of the group to the incompatible with the members of the group. Previously automember plugin would deny adding a member with the incorrect OC, but since the change above it allows.

@mreynolds, is this expected?

1 new commit added

  • Fixing Simon's comments
17 days ago

4 new commits added

  • Fixing Simon's comments 3
  • Fixing Simon's comments 2
  • Fixing Simon's comments
  • Issue: 48055 - CI test - automember_plugin(part1)
17 days ago

Why it is commented out and the next line is there?..

Gone

py.test-3 --pylint reports some warnings. Please, check it

Done

Still fails here. Have you checked with a clean install from my Vagrantfile?

Fixed , as suggested by viktor .

Why do you have this line? Even if it's uncommented - it is not assigned anywhere

It is either regression or it is not... It should be clearly defined what it is and it should have an opened tracking issue.

Why do you have this line? Even if it's uncommented - it is not assigned anywhere

It was for troubleshooting purpose , now i have removed it .

It is either regression or it is not... It should be clearly defined what it is and it should have an opened tracking issue.

Viktor has already drop a mail to mark regarding this , but till now we did not get any confirmation/reply , so as per his suggestion we have made it xfail , we will create tracking issue after mark's confirmation . till then we have to merge it as xfail as we have to put more test cases on the top of the same module , which are from same TET test script and uses same entries and test functions .

Sure. Then let's wait for @mreynolds reply, put the info about the issue and then merge. :)

1 new commit added

  • Fixing Simon's comments 4
15 days ago

I get this error trying to run the script:

__________________________________________ ERROR collecting tests/suites/automember_plugin/autoMembers_from_tet_test.py ___________________________________________
/usr/lib/python2.7/site-packages/_pytest/python.py:448: in _importtestmodule
    mod = self.fspath.pyimport(ensuresyspath=importmode)
/usr/lib/python2.7/site-packages/py/_path/local.py:668: in pyimport
    __import__(modname)
E     File "/home/mareynol/source/ds389/389-ds-base/dirsrvtests/tests/suites/automember_plugin/autoMembers_from_tet_test.py", line 46
E       'cn': f'{CN_CONT}'
E                        ^
E   SyntaxError: invalid syntax
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

python2.7

That's a very old version. f-strings are part of python 3.6.

I also had to switch around the imports to look like:

from lib389.idm.group import Groups, Group, UniqueGroups, UniqueGroup, nsAdminGroups
from lib389.idm.user import UserAccounts, UserAccount

nsAdminGroups was attempted to be imported from idm..user (not idm.group)

I don't see import from idm.user.
In the patch:

+ from lib389.idm.group import Groups, Group, UniqueGroup, nsAdminGroups, nsAdminGroup

I have a machine with the reproducer if you want to take a look.

Well I found part of the problem. The test is not updating the correct automember config entry:

AutoMembershipPlugin(topo.ms["master1"]).add("nsslapd-pluginConfigArea",
"cn=autoMembersPlugin,{}".format(BASE_REPL))

ThIs is:

nsslapd-pluginConfigArea: cn=autoMembersPlugin,dc=replAutoMembers,dc=com

But there is no automember config in this entry.

dn: cn=autoMembersPlugin,dc=replAutoMembers,dc=com
objectClass: top
objectClass: nscontainer
cn: autoMembersPlugin
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20190830175354Z
modifyTimestamp: 20190830175354Z
nsUniqueId: 211e4f55-cb4f11e9-9e39a34b-b2b909d7

Looks like it created another config entry under a different suffix, so it's basically being ignored.