sssd/0091-TESTS-Test-that-ccaches-can-be-stored-after-max_secr.patch


2017-09-01 18:52:07 +00:00
From 0558f270b3fbb0780e2a94602d455022b89f5381 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 4 Apr 2017 15:34:17 +0200
Subject: [PATCH 91/93] TESTS: Test that ccaches can be stored after
max_secrets is reached for regular non-ccache secrets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Test that even when we store the maximum number of secrets, we can still
store kerberos credentials, but only until we reach the max_secrets
limit as well.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
---
src/tests/intg/test_kcm.py | 52 +++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/tests/intg/test_kcm.py b/src/tests/intg/test_kcm.py
index 72a3458c8c598bae1fe929c062990da0bcbc3063..b65e1d5300bb8014aee2493795dc39ce799e9440 100644
--- a/src/tests/intg/test_kcm.py
+++ b/src/tests/intg/test_kcm.py
@@ -23,12 +23,16 @@ import pytest
import socket
import time
import signal
+from requests import HTTPError
import kdc
import krb5utils
import config
from util import unindent
from test_secrets import create_sssd_secrets_fixture
+from secrets import SecretsLocalClient
+
+MAX_SECRETS = 10
class KcmTestEnv(object):
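Review bot: `from secrets import SecretsLocalClient` relies on the test directory's own `secrets` module shadowing the standard-library `secrets` module that ships with Python 3.6 and later. If the stdlib copy is found first on `sys.path`, the import fails with ImportError and the quota test never runs. The local module is not visible in this hunk, so this is inferred from the sibling imports (`util`, `test_secrets`). At minimum add a comment on the import, e.g. `# intg test helper module, shadows the Python 3.6+ stdlib 'secrets'`; renaming the helper would remove the ambiguity.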
@@ -109,7 +113,7 @@ def create_sssd_kcm_fixture(sock_path, request):
return kcm_pid
-def create_sssd_conf(kcm_path, ccache_storage):
+def create_sssd_conf(kcm_path, ccache_storage, max_secrets=MAX_SECRETS):
return unindent("""\
[sssd]
domains = local
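Review bot: The new `max_secrets` parameter of `create_sssd_conf` is undocumented, and nothing states that `test_kcm_secrets_quota` counts against the module constant `MAX_SECRETS` rather than the value rendered into the config. A caller that passes a different `max_secrets` would make the quota assertions meaningless without any visible failure. I would add a comment above the signature such as `# max_secrets is written to [secrets]; the quota test assumes it equals MAX_SECRETS`. The same applies to the `[secrets]` section added in the next hunk, which is filled through `.format(**locals())` and so depends on the parameter keeping this exact name. The function body continues outside this hunk.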
@@ -121,6 +125,9 @@ def create_sssd_conf(kcm_path, ccache_storage):
[kcm]
socket_path = {kcm_path}
ccache_storage = {ccache_storage}
+
+ [secrets]
+ max_secrets = {max_secrets}
""").format(**locals())
@@ -464,3 +471,46 @@ def test_kcm_sec_parallel_klist(setup_for_kcm_sec,
for p in processes:
rc = p.wait()
assert rc == 0
+
+
+def get_secrets_socket():
+ return os.path.join(config.RUNSTATEDIR, "secrets.socket")
+
+
+@pytest.fixture
+def secrets_cli(request):
+ sock_path = get_secrets_socket()
+ cli = SecretsLocalClient(sock_path=sock_path)
+ return cli
+
+
+def test_kcm_secrets_quota(setup_for_kcm_sec,
+ setup_secrets,
+ secrets_cli):
+ testenv = setup_for_kcm_sec
+ cli = secrets_cli
+
+ # Make sure the secrets store is depleted first
+ sec_value = "value"
+ for i in range(MAX_SECRETS):
+ cli.set_secret(str(i), sec_value)
+
+ with pytest.raises(HTTPError) as err507:
+ cli.set_secret(str(MAX_SECRETS), sec_value)
+ assert str(err507.value).startswith("507")
+
+ # We should still be able to store KCM ccaches, but no more
+ # than MAX_SECRETS
+ for i in range(MAX_SECRETS):
+ princ = "%s%d" % ("kcmtest", i)
+ testenv.k5kdc.add_principal(princ, princ)
+
+ for i in range(MAX_SECRETS-1):
+ princ = "%s%d" % ("kcmtest", i)
+ out, _, _ = testenv.k5util.kinit(princ, princ)
+ assert out == 0
+
+ # we stored 0 to MAX_SECRETS-1, storing another one must fail
+ princ = "%s%d" % ("kcmtest", MAX_SECRETS)
+ out, _, _ = testenv.k5util.kinit(princ, princ)
+ assert out != 0
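Review bot: The final negative check in `test_kcm_secrets_quota` can pass without the quota being involved. It runs kinit for `kcmtest` index `MAX_SECRETS`, but the `add_principal` loop only creates indices 0 to `MAX_SECRETS-1`, so that principal presumably does not exist in the KDC and kinit would fail for that reason alone. The success loop also stores only `MAX_SECRETS-1` ccaches, while the comment claims 0 to `MAX_SECRETS-1` were stored; the reason for stopping one short is not visible in this hunk and should be stated in the comment. Because this test guards a resource-exhaustion limit, the rejected attempt should use a principal that exists, e.g. `princ = "%s%d" % ("kcmtest", MAX_SECRETS-1)`, once the expected ccache count is confirmed. Checking kinit's error output as well as `out != 0` would separate a quota rejection from any other failure.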
--
2.14.1