642b81e test_trust: add tests for using AD users and groups in SUDO rules

2 files. Authored by abbra 3 years ago, committed by rcritten 3 years ago.
    test_trust: add tests for using AD users and groups in SUDO rules
    
    Tests test_integration/test_trust.py::TestTrust::test_sudorules_ad_*
    check that a user from a trusted AD domain can perform SUDO
    authentication without a password for any command based on a direct user
    reference or on an indirect AD group reference. The test suite also ensures
    an AD user and group can be used for runAsUser/runAsGroup settings.
    
    Due to https://github.com/SSSD/sssd/issues/5475, anything added to the
    'ipaSudoRunAsExtUserGroup' attribute will be prefixed with '%' and thus
    anything relying on the value of this attribute displayed by the 'sudo -l'
    command will fail. The test only validates that a proper group name
    appears in the 'sudo' output, so we handle both prefixes in the
    corresponding test check. It is not possible to differentiate by the SSSD
    version as a fix to the issue is only a patch on top of 2.4.0 in RHEL.
    
    Fixes: https://pagure.io/freeipa/issue/3226
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>