TESTS: Add access control simple filter tests

[andreboscatto]

Added 4 tests for access control simple filter using the new testing framework

[andreboscatto]

• Check with @pbrezina about def add_members(self, members: list[GenericNetgroupMember]) -> GenericNetgroup: -> Should we add str as a valid input or should I change the test itself?

[andreboscatto]

@danlavu to achieve what you suggest using loops to create users and not having problems afterwards, there are a few ways (I have my opinions about that) but I'll list the options I currently know and we can explore it.

1. Creating a dictionary with notation type

users: Dict[str, GenericProvider] = {}

for name in ["user1", "user2", "user3"]:
    users[name]: GenericProvider = provider.user(name).add()

print(users["user1"], users["user2"], users["user3"])

2. Creating a dictionary without notation type

users = {}

for i in ["user1", "user2", "user3"]:
    users[i] = provider.user(i).add()

print(users["user1"], users["user2"], users["user3"])

3. Using Globals()

for name in ["user1", "user2", "user3"]:
    globals()[name]: GenericProvider = provider.user(name).add()

print(user1, user2, user3)`

4. Using Locals()

for i in ["user1", "user2", "user3"]:
    locals()[i] = provider.user(i).add()

print(user1, user2, user3)

5. Using Exec()

for name in ["user1", "user2", "user3"]:
    exec(f"{name}: GenericProvider = provider.user('{name}').add()")

print(user1, user2, user3)

6. Changing the notation in the add_members() as I wanted to talk to Pavel in my previous comment

FROM def add_members(self, members: list[GenericNetgroupMember]) 
TO def add_members(self, members: list[GenericNetgroupMember] | str)

My opinions:

1. Globals -> Nops
2. Locals -> Prune to errors
3. Exec -> I don't have knowledge about that, so I'm not sure how it behaves
4. Dictionaries are gentlemen ;)
5. Changing the add_members -> I am biased, it can create precedent to other modifications which I don't like and having a specific notation helps during creating tests -> it is there for a reason

Why am I bringing all of that? There are errors during the build (https://github.com/SSSD/sssd/actions/runs/13910267393/job/38922743602?pr=7882)

[danlavu]

Why am I bringing all of that? There are errors during the build (https://github.com/SSSD/sssd/actions/runs/13910267393/job/38922743602?pr=7882)

    for i in ["group1", "o-group1"]:
        result = client.tools.getent.group(i)
        assert result is not None, "Group not found!"
        assert result.gid == 888888, "Group gid does not match override value!"
        assert "o-user1" in result.members, "Local override username not found in group!"

We do something like this, to ensure the object is of the correct type, we assert that the result is not None.

[andreboscatto]

I understand you have a human way to avoid potential errors. I am talking about a "coding" level (https://mypy.readthedocs.io/en/latest/error_code_list.html#code-assignment). The code checker will evaluate if all the arguments fit the proper notation, thus my proposals.

[andreboscatto]

Ahhhh I see! It is still complaining to me at least:

Incompatible types in assignment (expression has type "GroupEntry | None", variable has type "IdEntry | None")Mypy[assignment](https://mypy.readthedocs.io/en/latest/_refs.html#code-assignment)

  users = ["user1", "user2", "user3"]
   groups = ["group1", "group2", "group3"]

   for user in users:
           provider.user(user).add()

   for group in groups:
           provider.user(user).add()
.
.
.

   for group in groups:
       result = client.tools.getent.group(group)
       assert result is not None, f"Group {group} should be found."

[danlavu]

Tomorrow during our 1 on 1, remind me, we will go through the lint errors and ci failures.

tests/test_access_control_simple.py:105: error: List item 0 has incompatible type "str"; expected "GenericUser | GenericGroup"  [list-item]
tests/test_access_control_simple.py:105: error: List item 1 has incompatible type "str"; expected "GenericUser | GenericGroup"  [list-item]
tests/test_access_control_simple.py:106: error: List item 0 has incompatible type "str"; expected "GenericUser | GenericGroup"  [list-item]
tests/test_access_control_simple.py:106: error: List item 1 has incompatible type "str"; expected "GenericUser | GenericGroup"  [list-item]
tests/test_access_control_simple.py:151: error: Argument 1 to "add_member" of "GenericGroup" has incompatible type "str"; expected "GenericUser | GenericGroup"  [arg-type]
tests/test_access_control_simple.py:152: error: Argument 1 to "add_member" of "GenericGroup" has incompatible type "str"; expected "GenericUser | GenericGroup"  [arg-type]

[danlavu]

Just the titles, other than that, LG2M, thank you Andre.

[andreboscatto]

I asked to review again because I'm not familiar with the process... a LG2M is sufficient or do you need to "confirm" with the button?

[andreboscatto]

And thank you for all the support and patience with me through this learning process :) I hope the others will go faster after this learning curve.

[pbrezina]

Ack. I left some suggestions, but its up to you if you want to change it or not. Let me know and I'll set the "approve" flag.

[danlavu]

Great work!

[aplopez]

ACK

[danlavu]

This is great, thank you @andreboscatto

[alexey-tikhonov]

@andreboscatto, please rebase.

[alexey-tikhonov]

Pushed PR: #7882

• master
  • d61ba81 - TESTS: Add access control simple filter tests
• sssd-2-10
  • 907548b - TESTS: Add access control simple filter tests
• sssd-2-9
  • 5f37296 - TESTS: Add access control simple filter tests