Examples of using libdirsrv module from sssd.testlib.common

  • sssd-testlib provides module libdirsrv which creates/removes directory server instances.

Design

  • libdirsrv module consists of 2 classes the base class DirSrv and wrapper class DirSrvWrap.

  • DirSrv class consits of methods to create DS config file, Setup Directory Server , Enable SSL in Directory server and Remove DS Instances. This class is very generic and all the details like instance name, hostname, suffix, ldap and tls ports should be provided.

  • DirSrvWrap is a wrapper class of DirSrv , It sets up some default values like ldap and tls ports, suffix , set selinux label ldap_t on ldap and tls ports etc.

  • The wrapper classes allows to create multiple instances without worring about what ports to be used for each instance. port for unencrypted ldap ports are choosen from the below list:

    [4389, 2389, 1389, 3389, 30389, 31389, 32389, 33389, 34389, 35389, 36389, 37389, 38389, 39389]

    and tls ports are choosen from below list:

    [4636, 2636, 1636, 3636, 30636, 31636, 32636, 33636, 34636, 35636, 36636, 37636, 38636, 39636]

  • Though ports can be passed manully but verifying if those ports are available have to be done by the user.

  • The default suffix is ‘dc=example,dc=org’

  • To Enable ssl for Directory Server instance, A Directory containing the CA and Server certs(created on the host where DS Instance) should be passed. To create these certs, PkiTools module can be used. PkiTools has method createselfsignedcerts which creates a self-signed certs (CA and server-cert for each host). These certs are copied to host on which Directory server instance should be created and setup_certs method of DirSrv class adds these certs to NSS DB of that specific instance and Enables TLS on Directory Server.

  • Below are some of the examples of setting up DS instance in pytest

Example-1: Setup DS Instance on single Host

  • create a multihost config file mhc.yaml as below:

    root_password: 'redhat'
    domains:
    - name: example.test
      type: sssd
      hosts:
      - name: client1
        external_hostname: client1.example.test
        ip: 192.168.122.60
        role: client
    
  • create a conftest.py to specify namespace hook:

    from sssd.testlib.common.qe_class import session_multihost
    from sssd.testlib.common.libdirsrv import DirSrvWrap
    import pytest
    
    def pytest_namespace():
        return { 'num_masters': 0, 'num_ad':0, 'num_atomic': 0,
          num_replicas': 0, 'num_clients':1, 'num_others': 0}
    
  • Add a fixture specifed below in conftest.py:

     @pytest.fixture(scope="class")
     def setup_ldap(session_multihost):
          ds_obj = DirSrvWrap(session_multihost.client[0])
    return ds_obj
    
  • session_multihost is the session fixture which gets activated when py.test is run with –multihost-config=mhc.yaml parameter. This parameter connects to systems mentioned in mhc.yaml using paramiko module and this session of each host is available through roles defined in multihost config file. In the above example client[0] is the multihost handle for host client1.example.test

  • Importing the DirSrvWrap module we are creating instance of DirSrvWrap by passing the multihost session handle of client[0] to the DirSrvWrap object.

  • The fixture created 389_ds is of scope class which can be called in test file as below:

    class TestCase(object):
    
          def test1(self, session_multihost, setup_ldap):
               setup_ldap.create_ds_instance('example1')
         setup_ldap.remove_ds_instance('example1')
    
          def test2(self, session_multihost):
               pass
    
           def test3(self, session_multihost):
                pass
    

Example-2: Setup DS Instance with SSL on single Host:

  • create a multihost config file mhc.yaml as below:

    root_password: 'redhat'
     domains:
     - name: example.test
       type: sssd
       hosts:
          - name: client1.example.test
            external_hostname: client1.example.test
            ip: 10.65.223.160
            role: client
    
  • create a conftest.py to specify namespace hook:

    from sssd.testlib.common.qe_class import session_multihost
    from sssd.testlib.common.libdirsrv import DirSrvWrap
    import pytest
    
    def pytest_namespace():
       return {'num_masters': 0, 'num_ad':0, 'num_atomic': 0,
                num_replicas': 0, 'num_clients':1, 'num_others': 0}
    
  • create a fixture to create CA and server-cert for each host in conftest.py:

    from sssd.testlib.common.exceptions import PkiLibException
    
    @pytest.fixture(scope="class")
    def nssdir(session_multihost, request):
        serverList = [session_multihost.client[0].hostname]
        try:
            certdb = PkiTools.createselfsignedcerts(serverList)
        except PkiLibException as err:
            return (err.msg, err.rval)
        else:
            return certdb
    
  • Add another fixture to create a instance of DirSrvWrap passing the certdb returned from above fixture:

    @pytest.fixture(scope="class")
    def setup_ldap(session_multihost, nssdir):
        ds_obj = DirSrvWrap(session_multihost.client[0], ssl=True, ssldb=nssdir)
        return ds_obj
    
  • call the fixture setup_ldap from the test functions as show below:

    class TestCase(object):
    
        def test1(self, session_multihost, setup_ldap):
           setup_ldap.create_ds_instance('example1')
           setup_ldap.remove_ds_instance('example1')
    
       def test2(self):
            pass
    
       def test3(self):
            pass
    

Example-3: Setup DS Instance with on multiple hosts(2)

  • create a multihost config file mhc.yaml as below:

    root_password: 'redhat'
     domains:
     - name: example.test
       type: sssd
       hosts:
          - name: client1.example.test
            external_hostname: client1.example.test
            ip: 10.65.223.160
            role: client
          - name: master1.example.test
            external_hostname: master1.example.test
            ip: 10.65.223.161
            role: master
    
  • create a conftest.py to specify namespace hook:

    from sssd.testlib.common.qe_class import session_multihost
    from sssd.testlib.common.libdirsrv import DirSrvWrap
    import pytest
    
    def pytest_namespace():
       return {'num_masters': 0, 'num_ad':0, 'num_atomic': 0,
                num_replicas': 0, 'num_clients':1, 'num_others': 0}
    
  • create a fixture to create CA and server-cert for each host in conftest.py:

    from sssd.testlib.common.exceptions import PkiLibException
    
    @pytest.fixture(scope="class")
    def nssdir(session_multihost, request):
        serverList = [session_multihost.client[0].sys.hostname,
                session_multihost.master[0].sys.hostname]
        try:
            certdb = PkiTools.createselfsignedcerts(serverList)
        except PkiLibException as err:
            return (err.msg, err.rval)
        else:
            return certdb
    
  • Add another fixture to create a instance of DirSrvWrap passing the certdb returned from above fixture:

      @pytest.fixture(scope="class")
      def setup_ldap(session_multihost, nssdir):
          client_ds_obj = DirSrvWrap(session_multihost.client[0], ssl=True,
    ssldb=nssdir)
    master_ds_obj = DirSrvWrap(session_multihost.master[0], ssl=True,
    ssldb=nssdir)
          return (client_ds_obj, master_ds_obj)
    
  • call the fixture setup_ldap from the test functions as show below:

    class TestCase(object):
    
        def test1(self, session_multihost, setup_ldap):
           client_ds_obj = setup_ldap[0]
           master_ds_obj = setup_ldap[1]
           client_ds_obj.create_ds_instance('example1')
           master_ds_obj.create_ds_instance('example1')
           client_ds_obj.remove_ds_instance('example1')
           master_ds_obj.remove_ds_instance('example1')
    
        def test2(self):
            pass
    
        def test3(self):
            pass
    

Example-4: Creating and Removing DS instance using setup/teardown methods

  • create a multihost config file mhc.yaml as below:

    root_password: 'redhat'
     domains:
     - name: example.test
       type: sssd
       hosts:
          - name: client1.example.test
            external_hostname: client1.example.test
            ip: 10.65.223.160
            role: client
          - name: master1.example.test
            external_hostname: master1.example.test
            ip: 10.65.223.161
            role: master
    
  • create a conftest.py to specify namespace hook:

    from sssd.testlib.common.qe_class import session_multihost
    from sssd.testlib.common.libdirsrv import DirSrvWrap
    import pytest
    
    def pytest_namespace():
       return {'num_masters': 0, 'num_ad':0, 'num_atomic': 0,
                num_replicas': 0, 'num_clients':1, 'num_others': 0}
    
  • Create a fixture of scope class to have a setup and teardown methods in class and these functions are run before and after tests are executed. In our test class we define a setup_class method which will be run before our tests run where we do all our setup required for tests and also define class_teardown method at the end in Testclass which teardown all the setup done in class_setup. To these functions we pass our fixtures setup_ldap:

    @pytest.fixture(scope="class")
    def multihost(session_multihost, setup_ldap, request):
        if hasattr(request.cls(), 'class_setup'):
           request.cls().class_setup(setup_ldap)
     request.addfinalizer(lambda:request.cls().class_teardown(setup_ldap))
    
  • create a fixture to create CA and server-cert for each host in conftest.py:

    from sssd.testlib.common.exceptions import PkiLibException
    
    @pytest.fixture(scope="class")
    def nssdir(session_multihost, request):
        serverList = [session_multihost.client[0].sys.hostname,
                session_multihost.master[0].sys.hostname]
        try:
            certdb = PkiTools.createselfsignedcerts(serverList)
        except PkiLibException as err:
            return (err.msg, err.rval)
        else:
            return certdb
    
  • Add another fixture to create a instance of DirSrvWrap passing the certdb returned from above fixture:

      @pytest.fixture(scope="class")
      def setup_ldap(session_multihost, nssdir):
          client_ds_obj = DirSrvWrap(session_multihost.client[0], ssl=True,
    ssldb=nssdir)
    master_ds_obj = DirSrvWrap(session_multihost.master[0], ssl=True,
    ssldb=nssdir)
          return (client_ds_obj, master_ds_obj)
    
  • call the fixture setup_ldap from the test functions as show below:

    class TestCase(object):
    
        def class_setup(self, setup_ldap):
           client_ds_obj = setup_ldap[0]
           master_ds_obj = setup_ldap[1]
           client_ds_obj.create_ds_instance('example1')
           master_ds_obj.create_ds_instance('example1')
    
       def test1(self):
            pass
    
       def test2(self):
            pass
    
       def class_teardown(self, setup_ldap):
            client_ds_obj = setup_ldap[0]
            master_ds_obj = setup_ldap[1]
            client_ds_obj.remove_ds_instance('example2')
            master_ds_obj.remove_ds_instance('example2')