From 34d048ede0c439b3a53e02f8ace96ff91aa1609d Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Mar 14 2023 16:50:25 +0000
Subject: ipatests: adapt for new automembership fixup behavior


The automembership fixup task now needs to be called
with --cleanup argument when the user expects automember
to remove user/hosts from automember groups.
Update the test to call create a cleanup task equivalent to
dsconf plugin automember fixup --cleanup
when it is needed.

Fixes: https://pagure.io/freeipa/issue/9313
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>

---

diff --git a/ipatests/test_integration/test_automember.py b/ipatests/test_integration/test_automember.py
index 7acd0d7..8b27f4d 100644
--- a/ipatests/test_integration/test_automember.py
+++ b/ipatests/test_integration/test_automember.py
@@ -4,6 +4,7 @@
 """This covers tests for automemberfeature."""
 
 from __future__ import absolute_import
+import uuid
 
 from ipapython.dn import DN
 
@@ -211,11 +212,27 @@ class TestAutounmembership(IntegrationTest):
             # Running automember-build so that user is part of correct group
             result = self.master.run_command(['ipa', 'automember-rebuild',
                                               '--users=%s' % user2])
+            assert msg in result.stdout_text
+
+            # The additional --cleanup argument is required
+            cleanup_ldif = (
+                "dn: cn={cn},cn=automember rebuild membership,"
+                "cn=tasks,cn=config\n"
+                "changetype: add\n"
+                "objectclass: top\n"
+                "objectclass: extensibleObject\n"
+                "basedn: cn=users,cn=accounts,{suffix}\n"
+                "filter: (uid={user})\n"
+                "cleanup: yes\n"
+                "scope: sub"
+            ).format(cn=str(uuid.uuid4()),
+                     suffix=str(self.master.domain.basedn),
+                     user=user2)
+            tasks.ldapmodify_dm(self.master, cleanup_ldif)
+
             assert self.is_user_member_of_group(user2, group2)
             assert not self.is_user_member_of_group(user2, group1)
 
-            assert msg in result.stdout_text
-
         finally:
             # testcase cleanup
             self.remove_user_automember(user2, raiseonerr=False)
@@ -248,11 +265,27 @@ class TestAutounmembership(IntegrationTest):
             result = self.master.run_command(
                 ['ipa', 'automember-rebuild', '--hosts=%s' % host2]
             )
+            assert msg in result.stdout_text
+
+            # The additional --cleanup argument is required
+            cleanup_ldif = (
+                "dn: cn={cn},cn=automember rebuild membership,"
+                "cn=tasks,cn=config\n"
+                "changetype: add\n"
+                "objectclass: top\n"
+                "objectclass: extensibleObject\n"
+                "basedn: cn=computers,cn=accounts,{suffix}\n"
+                "filter: (fqdn={fqdn})\n"
+                "cleanup: yes\n"
+                "scope: sub"
+            ).format(cn=str(uuid.uuid4()),
+                     suffix=str(self.master.domain.basedn),
+                     fqdn=host2)
+            tasks.ldapmodify_dm(self.master, cleanup_ldif)
+
             assert self.is_host_member_of_hostgroup(host2, hostgroup2)
             assert not self.is_host_member_of_hostgroup(host2, hostgroup1)
 
-            assert msg in result.stdout_text
-
         finally:
             # testcase cleanup
             self.remove_host_automember(host2, raiseonerr=False)