Tests: add ldap_sudo_search_base warning test#8902
Conversation
|
Warning Gemini is experiencing higher than usual traffic and was unable to create the review. Please try again in a few hours by commenting |
6e61fc5 to
2c2af94
Compare
jakub-vavra-cz
left a comment
There was a problem hiding this comment.
The test looks pretty straightforward. I would be wary if the log is produced before the reading is done especially if the infra is under load.
I would probably check if ""ldap_sudo_search_base is not set"" is in the log and if not retry a few times before hard failing.
|
The pull request was accepted by @jakub-vavra-cz with the following PR CI status: 🟢 CodeQL (success) There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging. |
2c2af94 to
a52661a
Compare
|
I testes with IDM-CI, with unpatched version assert is failing, and with patch version is passed. unpatched version,
with patched version, |
@madhuriupadhye thanks for testing this out. I have a couple of follow up questions: We expect/want it to fail on older versions because this is a check for a fix related to a CVE right? This wouldn't be running in general on older versions outside of the latest supported by the branch right? Or would we? On the topic of branches, should I add additional backports for this to cover other releases that the main fix was covered in?
|
CVE is added in older RHEL versions also, so good to have in all branches. |
a52661a to
96f2261
Compare
When ldap_sudo_search_base is not set, SSSD defaults to searching the entire directory tree for sudoRole objects. In this case, we expect a warning message to be logged. Assisted-By: Claude Code (Sonnet 4.6 (1M context)) Reviewed-by: Jakub Vávra <jvavra@redhat.com>
96f2261 to
674c2b4
Compare
When ldap_sudo_search_base is not set, SSSD defaults to searching the entire directory tree for sudoRole objects. In this case, we expect a warning message to be logged.
Assisted-By: Claude Code (Sonnet 4.6 (1M context))