From 8dd663e0c2cbc6c6fec43ffcc09259f9be336429 Mon Sep 17 00:00:00 2001
From: Sergey Orlov <sorlov@redhat.com>
Date: Mon, 9 Mar 2020 17:09:09 +0100
Subject: [PATCH] ipatests: add test for SSSD updating expired cache items

New test checks that sssd updates expired cache values both for IPA
domain and trusted AD domain.

Related to: https://pagure.io/SSSD/sssd/issue/4012

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
---
 ipatests/test_integration/test_sssd.py | 50 ++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/test_sssd.py b/ipatests/test_integration/test_sssd.py
index a41ccf0c6..d2eba3383 100644
--- a/ipatests/test_integration/test_sssd.py
+++ b/ipatests/test_integration/test_sssd.py
@@ -8,6 +8,7 @@ from __future__ import absolute_import
 
 import time
 from contextlib import contextmanager
+import re
 
 import pytest
 import textwrap
@@ -28,11 +29,13 @@ class TestSSSDWithAdTrust(IntegrationTest):
     users = {
         'ipa': {
             'name': 'user1',
-            'password': 'SecretUser1'
+            'password': 'SecretUser1',
+            'group': 'user1',
         },
         'ad': {
             'name_tmpl': 'testuser@{domain}',
-            'password': 'Secret123'
+            'password': 'Secret123',
+            'group_tmpl': 'testgroup@{domain}',
         },
         'fakeuser': {
             'name': 'some_user@some.domain'
@@ -56,6 +59,8 @@ class TestSSSDWithAdTrust(IntegrationTest):
 
         cls.users['ad']['name'] = cls.users['ad']['name_tmpl'].format(
             domain=cls.ad.domain.name)
+        cls.users['ad']['group'] = cls.users['ad']['group_tmpl'].format(
+            domain=cls.ad.domain.name)
         tasks.user_add(cls.master, cls.intermed_user)
         tasks.create_active_user(cls.master, cls.ipa_user,
                                  cls.ipa_user_password)
@@ -240,3 +245,44 @@ class TestSSSDWithAdTrust(IntegrationTest):
             # reset to original limit
             tasks.ldapmodify_dm(master, ldap_query.format(limit=orig_limit))
             sssd_conf_backup.restore()
+
+    @pytest.mark.parametrize('user_origin', ['ipa', 'ad'])
+    def test_sssd_cache_refresh(self, user_origin):
+        """Check SSSD updates expired cache items for domain and its subdomains
+
+        Regression test for https://pagure.io/SSSD/sssd/issue/4012
+        """
+        def get_cache_update_time(obj_kind, obj_name):
+            res = self.master.run_command(
+                ['sssctl', '{}-show'.format(obj_kind), obj_name])
+            m = re.search(r'Cache entry last update time:\s+([^\n]+)',
+                          res.stdout_text)
+            update_time = m.group(1).strip()
+            assert update_time
+            return update_time
+
+        # by design, sssd does first update of expired records in 30 seconds
+        # since start
+        refresh_time = 30
+        user = self.users[user_origin]['name']
+        group = self.users[user_origin]['group']
+        sssd_conf_backup = tasks.FileBackup(self.master, paths.SSSD_CONF)
+        try:
+            with tasks.remote_sssd_config(self.master) as sssd_conf:
+                sssd_conf.edit_domain(
+                    self.master.domain, 'refresh_expired_interval', 1)
+                sssd_conf.edit_domain(
+                    self.master.domain, 'entry_cache_timeout', 1)
+            tasks.clear_sssd_cache(self.master)
+
+            start = time.time()
+            self.master.run_command(['id', user])
+            user_update_time = get_cache_update_time('user', user)
+            group_update_time = get_cache_update_time('group', group)
+            time.sleep(start + refresh_time - time.time() + 5)
+            assert get_cache_update_time('user', user) != user_update_time
+            assert (get_cache_update_time('group', group) !=
+                    group_update_time)
+        finally:
+            sssd_conf_backup.restore()
+            tasks.clear_sssd_cache(self.master)