From 37c10db8a1a3fb75bd97263cf1c871e6b688a4eb Mon Sep 17 00:00:00 2001 From: Dan Lavu Date: Thu, 21 May 2026 18:43:53 -0400 Subject: [PATCH 1/2] tests: renaming failover tests to connectivity to broaden the scope of tests * renamed some test cases --- .../tests/{test_failover.py => test_connectivity.py} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename src/tests/system/tests/{test_failover.py => test_connectivity.py} (93%) diff --git a/src/tests/system/tests/test_failover.py b/src/tests/system/tests/test_connectivity.py similarity index 93% rename from src/tests/system/tests/test_failover.py rename to src/tests/system/tests/test_connectivity.py index 4f587d0b62..eba3f7d2cb 100644 --- a/src/tests/system/tests/test_failover.py +++ b/src/tests/system/tests/test_connectivity.py @@ -1,5 +1,5 @@ """ -SSSD Failover tests. +SSSD Connectivity tests. :requirement: Failover """ @@ -17,7 +17,7 @@ @pytest.mark.ticket(gh=7375, jira="RHEL-17659") @pytest.mark.preferred_topology(KnownTopology.LDAP) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_failover__reactivation_timeout_is_honored( +def test_connectivity__failover_reactivation_timeout_is_honored( client: Client, provider: GenericProvider, value: int | None, expected: int ): """ @@ -65,7 +65,7 @@ def test_failover__reactivation_timeout_is_honored( @pytest.mark.importance("low") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @pytest.mark.preferred_topology(KnownTopology.LDAP) -def test_failover__connect_using_ipv4_second_family(client: Client, provider: GenericProvider): +def test_connectivity__failover_to_ipv4_when_ipv6_unavailable(client: Client, provider: GenericProvider): """ :title: Make sure that we can connect using secondary protocol :setup: @@ -96,7 +96,7 @@ def test_failover__connect_using_ipv4_second_family(client: Client, provider: Ge @pytest.mark.topology(KnownTopology.AD) @pytest.mark.topology(KnownTopology.Samba) @pytest.mark.preferred_topology(KnownTopology.IPA) -def test_failover__go_offline_if_kinit_fails(client: Client, provider: GenericProvider): +def test_connectivity__sssd_goes_offline_when_kerberos_is_unreachable(client: Client, provider: GenericProvider): """ :title: SSSD goes offline when Kerberos authentication fails :setup: @@ -129,7 +129,7 @@ def test_failover__go_offline_if_kinit_fails(client: Client, provider: GenericPr @pytest.mark.importance("high") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @pytest.mark.preferred_topology(KnownTopology.LDAP) -def test_failover__go_offline_if_ldap_fails(client: Client, provider: GenericProvider): +def test_connectivity__sssd_goes_offline_when_ldap_is_unreachable(client: Client, provider: GenericProvider): """ :title: SSSD goes offline when LDAP connection fails :setup: From b499746b00282bf4c39c10e8540f6853518a62b1 Mon Sep 17 00:00:00 2001 From: Dan Lavu Date: Thu, 21 May 2026 18:49:21 -0400 Subject: [PATCH 2/2] tests: connectivity adding test case for libldap first connection --- src/tests/system/tests/test_connectivity.py | 28 +++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/tests/system/tests/test_connectivity.py b/src/tests/system/tests/test_connectivity.py index eba3f7d2cb..43782457e1 100644 --- a/src/tests/system/tests/test_connectivity.py +++ b/src/tests/system/tests/test_connectivity.py @@ -156,3 +156,31 @@ def test_connectivity__sssd_goes_offline_when_ldap_is_unreachable(client: Client assert client.sssd.default_domain is not None, "No default domain?" status = client.sssctl.domain_status(client.sssd.default_domain, online=True) assert "Offline" in status.stdout, "SSSD is not offline!" + + +@pytest.mark.importance("critical") +@pytest.mark.ticket(gh=8709) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_connectivity__sssd_fails_to_start_when_client_cannot_be_resolve(client: Client, provider: GenericProvider): + """ + :title: SSSD fails to start when the client hostname cannot be resolved + :setup: + 1. Block outbound dns traffic + 2. Remove records in /etc/hosts + 3. Remove resolved from /etc/nsswitch.conf + :steps: + 1. Start SSSD + :expectedresults: + 1. SSSD starts + :customerscenario: False + """ + client.firewall.outbound.drop_port((53, "tcp")) + client.firewall.outbound.drop_port((53, "udp")) + + client.fs.backup("/etc/hosts") + client.fs.write("/etc/hosts", f"::1 localhost\n127.0.0.1 localhost\n") + + client.fs.backup("/etc/nsswitch.conf") + client.fs.sed(path="/etc/nsswitch.conf", command="s/^\s*hosts:.*/hosts: files dns/", args=["-i"]) + + assert client.sssd.start(), "SSSD did not start!"