From 985c99fc7ad6fdd30d428d099e006b1a0836a87d Mon Sep 17 00:00:00 2001
From: Anuja More <amore@redhat.com>
Date: Feb 17 2020 15:49:50 +0000
Subject: ipatests: Add test for ipa-extdom-extop plugin should allow @ in group name


If group contains @ in group name on AD,
then it should fetch successfully on ipa-client.

Related to: https://bugzilla.redhat.com/1746951

Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>

---

diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py
index 57d5de6..886c5f2 100644
--- a/ipatests/test_integration/test_sssd.py
+++ b/ipatests/test_integration/test_sssd.py
@@ -21,6 +21,7 @@ class TestSSSDWithAdTrust(IntegrationTest):
 
     topology = 'star'
     num_ad_domains = 1
+    num_clients = 1
 
     users = {
         'ipa': {
@@ -148,3 +149,34 @@ class TestSSSDWithAdTrust(IntegrationTest):
             dp_req = ("Looking up [{0}] in data provider".format(
                 self.users[user]['name']))
             assert not dp_req.encode() in sssd_log
+
+    def test_extdom_group(self):
+        """ipa-extdom-extop plugin should allow @ in group name.
+
+        Test for : https://bugzilla.redhat.com/show_bug.cgi?id=1746951
+
+        If group contains @ in group name from AD, eg. abc@pqr@AD.DOMAIN
+        then it should fetch successfully on ipa-client.
+        """
+        client = self.clients[0]
+        hosts = [self.master, client]
+        ad_group = 'group@group@{0}'.format(self.ad.domain.name)
+        expression = '((?P<name>.+)@(?P<domain>[^@]+$))'
+        master_conf_backup = tasks.FileBackup(self.master, paths.SSSD_CONF)
+        client_conf_backup = tasks.FileBackup(client, paths.SSSD_CONF)
+        for host in hosts:
+            with tasks.remote_ini_file(host, paths.SSSD_CONF) as sssd_conf:
+                sssd_conf.set('sssd', 're_expression', expression)
+                sssd_conf.set('sssd', 'use_fully_qualified_names', True)
+            tasks.clear_sssd_cache(host)
+        try:
+            cmd = ['getent', 'group', ad_group]
+            result = self.master.run_command(cmd)
+            assert ad_group in result.stdout_text
+            result2 = client.run_command(cmd)
+            assert ad_group in result2.stdout_text
+        finally:
+            master_conf_backup.restore()
+            client_conf_backup.restore()
+            tasks.clear_sssd_cache(self.master)
+            tasks.clear_sssd_cache(client)