ipatests: add test for SSSD updating expired cache items

New test checks that sssd updates expired cache values both for IPA domain and trusted AD domain. Related to: https://pagure.io/SSSD/sssd/issue/4012 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-03-09 17:09:09 +01:00 · 2020-03-09 17:09:09 +01:00 · 8dd663e0c2
commit 8dd663e0c2
parent 7c059c81ce
1 changed files with 48 additions and 2 deletions
--- a/ipatests/test_integration/test_sssd.py
+++ b/ipatests/test_integration/test_sssd.py
@ -8,6 +8,7 @@ from __future__ import absolute_import

 import time
 from contextlib import contextmanager
+import re

 import pytest
 import textwrap
@ -28,11 +29,13 @@ class TestSSSDWithAdTrust(IntegrationTest):
    users = {
        'ipa': {
            'name': 'user1',
-            'password': 'SecretUser1'
+            'password': 'SecretUser1',
+            'group': 'user1',
        },
        'ad': {
            'name_tmpl': 'testuser@{domain}',
-            'password': 'Secret123'
+            'password': 'Secret123',
+            'group_tmpl': 'testgroup@{domain}',
        },
        'fakeuser': {
            'name': 'some_user@some.domain'
@ -56,6 +59,8 @@ class TestSSSDWithAdTrust(IntegrationTest):

        cls.users['ad']['name'] = cls.users['ad']['name_tmpl'].format(
            domain=cls.ad.domain.name)
+        cls.users['ad']['group'] = cls.users['ad']['group_tmpl'].format(
+            domain=cls.ad.domain.name)
        tasks.user_add(cls.master, cls.intermed_user)
        tasks.create_active_user(cls.master, cls.ipa_user,
                                 cls.ipa_user_password)
@ -240,3 +245,44 @@ class TestSSSDWithAdTrust(IntegrationTest):
            # reset to original limit
            tasks.ldapmodify_dm(master, ldap_query.format(limit=orig_limit))
            sssd_conf_backup.restore()
+
+    @pytest.mark.parametrize('user_origin', ['ipa', 'ad'])
+    def test_sssd_cache_refresh(self, user_origin):
+        """Check SSSD updates expired cache items for domain and its subdomains
+
+        Regression test for https://pagure.io/SSSD/sssd/issue/4012
+        """
+        def get_cache_update_time(obj_kind, obj_name):
+            res = self.master.run_command(
+                ['sssctl', '{}-show'.format(obj_kind), obj_name])
+            m = re.search(r'Cache entry last update time:\s+([^\n]+)',
+                          res.stdout_text)
+            update_time = m.group(1).strip()
+            assert update_time
+            return update_time
+
+        # by design, sssd does first update of expired records in 30 seconds
+        # since start
+        refresh_time = 30
+        user = self.users[user_origin]['name']
+        group = self.users[user_origin]['group']
+        sssd_conf_backup = tasks.FileBackup(self.master, paths.SSSD_CONF)
+        try:
+            with tasks.remote_sssd_config(self.master) as sssd_conf:
+                sssd_conf.edit_domain(
+                    self.master.domain, 'refresh_expired_interval', 1)
+                sssd_conf.edit_domain(
+                    self.master.domain, 'entry_cache_timeout', 1)
+            tasks.clear_sssd_cache(self.master)
+
+            start = time.time()
+            self.master.run_command(['id', user])
+            user_update_time = get_cache_update_time('user', user)
+            group_update_time = get_cache_update_time('group', group)
+            time.sleep(start + refresh_time - time.time() + 5)
+            assert get_cache_update_time('user', user) != user_update_time
+            assert (get_cache_update_time('group', group) !=
+                    group_update_time)
+        finally:
+            sssd_conf_backup.restore()
+            tasks.clear_sssd_cache(self.master)