Skip to content

tests: Add incomplete triples and complex hierarchy netgroup tests#8262

Merged
ikerexxe merged 2 commits intoSSSD:masterfrom
madhuriupadhye:netgroup1
Dec 9, 2025
Merged

tests: Add incomplete triples and complex hierarchy netgroup tests#8262
ikerexxe merged 2 commits intoSSSD:masterfrom
madhuriupadhye:netgroup1

Conversation

@madhuriupadhye
Copy link
Contributor

@madhuriupadhye madhuriupadhye commented Dec 3, 2025

Adds two new netgroup tests.

  1. test_netgroup__incomplete_triples - Verifies netgroups with missing host/user/domain fields work correctly

  2. test_netgroups__complex_hierarchy - Verifies multi-level nested netgroups resolve inherited members correctly

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 3, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds two valuable system tests for netgroups, covering incomplete triples and complex hierarchies. The tests are well-structured and improve coverage. I've identified a correctness issue in the assertions of test_netgroup__incomplete_triples and suggested a fix to make it more robust. Additionally, I've proposed refactoring the assertions in test_netgroups__complex_hierarchy for better conciseness and reliability. With these changes, the new tests will be excellent additions to the suite.

@madhuriupadhye madhuriupadhye force-pushed the netgroup1 branch 3 times, most recently from d9af156 to 002331b Compare December 3, 2025 14:24
jakub-vavra-cz
jakub-vavra-cz reviewed Dec 5, 2025
View reviewed changes
src/tests/system/tests/test_netgroups.py Outdated
:customerscenario: False
"""
if not isinstance(provider, (LDAP, Samba, AD)):
raise ValueError("IPA does not support domain in netgroups")
Copy link
Contributor

@jakub-vavra-cz jakub-vavra-cz Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use pytest skip instead.

Copy link
Contributor Author

@madhuriupadhye madhuriupadhye Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated in all test cases.

jakub-vavra-cz
jakub-vavra-cz reviewed Dec 5, 2025
View reviewed changes
src/tests/system/tests/test_netgroups.py Outdated

# Level 1: Base netgroups with only triples (no nested members)
ng_base1 = provider.netgroup("ng-base1").add()
ng_base1.add_member(host="host1", user="user1", domain="ldap.test")
Copy link
Contributor

@jakub-vavra-cz jakub-vavra-cz Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is everywhere hardcoded ldap.test domain.

Copy link
Contributor Author

@madhuriupadhye madhuriupadhye Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in all test cases.

jakub-vavra-cz
jakub-vavra-cz requested changes Dec 5, 2025
View reviewed changes
Copy link
Contributor

@jakub-vavra-cz jakub-vavra-cz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See inline

ikerexxe
ikerexxe reviewed Dec 5, 2025
View reviewed changes
Copy link
Contributor

@ikerexxe ikerexxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your work on this. I noticed the commit structure, and I think we need to clean it up before merging to maintain a clear git history and simplify cherry-picking for maintenance branches.

Commit number 2 changes code introduced in commit number 1 and it also refactors already existing code. My suggestion would be to:

  • Commit 1: pure refactoring of the original, existing tests. This commit must pass tests on its own.
  • Commit 2: add the two new test cases using the new, refactored structure.

@madhuriupadhye madhuriupadhye force-pushed the netgroup1 branch 12 times, most recently from c5415b7 to 2048c0c Compare December 8, 2025 12:51
@madhuriupadhye madhuriupadhye force-pushed the netgroup1 branch 2 times, most recently from 1c98a62 to bbc14e9 Compare December 8, 2025 13:01
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 8, 2025
View reviewed changes
@madhuriupadhye madhuriupadhye force-pushed the netgroup1 branch 6 times, most recently from 6a7e6b0 to 2692665 Compare December 8, 2025 16:33
jakub-vavra-cz
jakub-vavra-cz approved these changes Dec 9, 2025
View reviewed changes
Copy link
Contributor

@jakub-vavra-cz jakub-vavra-cz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

ikerexxe
ikerexxe approved these changes Dec 9, 2025
View reviewed changes
Copy link
Contributor

@ikerexxe ikerexxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@madhuriupadhye @sssd-bot
tests: Remove hardcoded domain and fix type errors in netgroup tests
3a3161b 
Replace hardcoded "ldap.test" domain strings with dynamic `provider.domain`
and fix type checking errors in netgroup tests.

Changes:
- Remove `raise ValueError` and `pytest.skip` isinstance checks since
  topology markers already restrict tests to LDAP, AD, and Samba providers
- Change function signatures from `GenericProvider` to `AD | LDAP | Samba`
  to match the topology decorators
- Replace all hardcoded "ldap.test" with `provider.domain` for dynamic
  domain resolution across different provider topologies
- Rework parametrized test to use boolean flag and format string with
  `{domain}` placeholder for runtime substitution
- Fix type errors by passing netgroup names as strings instead of objects
  to `add_member(ng=...)` calls
- Fix type conflict by using separate variable names (`passwd_result`,
  `group_result`) for different entry types

Affected tests:
- test_netgroup__user_attribute_membernisnetgroup_uses_group_dn
- test_netgroup__lookup_nested_groups
- test_netgroup__lookup_nested_groups_with_host_and_domain_values_present
- test_netgroup__uid_gt_2147483647

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
@madhuriupadhye @sssd-bot
tests: Add netgroup tests for incomplete triples and complex hierarchy
69af070 
Add new test cases to verify netgroup functionality with incomplete
triples and complex nested hierarchies.

New tests:
- test_netgroup__incomplete_triples: Verify netgroups with various
  incomplete triple combinations (empty, only host, only user, only
  domain, missing host, missing user, missing domain)
- test_netgroups__complex_hierarchy: Verify netgroups with multiple
  levels of nesting (base -> mid -> top) work correctly and return
  the expected combination of direct triples and inherited members

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
@sssd-bot
Copy link
Contributor

sssd-bot commented Dec 9, 2025

The pull request was accepted by @ikerexxe with the following PR CI status:

🟢 CodeFactor (success)
🟢 CodeQL (success)
🟢 osh-diff-scan:fedora-rawhide-x86_64:upstream (success)
🟢 rpm-build:centos-stream-10-x86_64:upstream (success)
🟢 rpm-build:fedora-41-x86_64:upstream (success)
🟢 rpm-build:fedora-42-x86_64:upstream (success)
🟢 rpm-build:fedora-43-x86_64:upstream (success)
🟢 rpm-build:fedora-rawhide-x86_64:upstream (success)
🟢 Analyze (target) / cppcheck (success)
🔴 ci / intgcheck (centos-10) (failure)
🟢 ci / intgcheck (fedora-41) (success)
🟢 ci / intgcheck (fedora-42) (success)
🟢 ci / intgcheck (fedora-43) (success)
🟢 ci / intgcheck (fedora-44) (success)
🟢 ci / prepare (success)
🟢 ci / system (centos-10) (success)
🟢 ci / system (fedora-41) (success)
🟢 ci / system (fedora-42) (success)
🟢 ci / system (fedora-43) (success)
🟢 ci / system (fedora-44) (success)
➖ Coverity scan / coverity (skipped)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

@ikerexxe
Copy link
Contributor

ikerexxe commented Dec 9, 2025

Failure in intgcheck (centos-10) is unrelated, so merging

@ikerexxe ikerexxe merged commit 63771a1 into SSSD:master Dec 9, 2025
9 of 14 checks passed
This was referenced Dec 9, 2025
Merged
Merged
Merged
@danlavu danlavu mentioned this pull request Jan 15, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ikerexxe ikerexxe ikerexxe approved these changes

@jakub-vavra-cz jakub-vavra-cz jakub-vavra-cz approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@ikerexxe ikerexxe

@jakub-vavra-cz jakub-vavra-cz

Labels

Accepted backport-to-sssd-2-9 Tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@madhuriupadhye @sssd-bot @ikerexxe @jakub-vavra-cz @alexey-tikhonov