From: Andreas Schneider <asn@samba.org>
Date: Mon, 10 Nov 2025 10:01:05 +0000 (+0100)
Subject: python:tests: Use random users for user_auth_policy.py
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a34117687478858fb4f883db44463bc63524a8ee;p=thirdparty%2Fsamba.git

python:tests: Use random users for user_auth_policy.py

We should not work on alice, bob and joe. We should use random user so we can
clean up afterwards. If we don't do this the dbcheck tests will fails with:

UNEXPECTED(failure): samba4.blackbox.dbcheck(ad_dc).dbcheck(ad_dc:local)
REASON: Exception: Exception: Checking 21449 objects
WARNING: target DN is deleted for msDS-AssignedAuthNPolicy in object CN=alice,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=66bd1f51-084f-4259-a769-efa59adb6e31>;<RMD_ADDTIM
E=134051822550000000>;<RMD_CHANGETIME=134051822550000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14061>;<RMD_ORIGINATING_USN=14061>;<RMD_VE
RSION=2>;CN=User Policy,CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=User Policy\\0ADEL:66bd1f51-084f-4259-a769-efa59adb6e31,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
WARNING: target DN is deleted for msDS-AssignedAuthNPolicySilo in object CN=alice,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=287d6c3d-bea8-4c06-bdf8-7d4b579bc0e9>;<RMD_AD
DTIME=134051822560000000>;<RMD_CHANGETIME=134051822560000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14081>;<RMD_ORIGINATING_USN=14081>;<RM
D_VERSION=2>;CN=Developers,CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=Developers\\0ADEL:287d6c3d-bea8-4c06-bdf8-7d4b579bc0e9,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
WARNING: target DN is deleted for msDS-AssignedAuthNPolicy in object CN=bob,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=66bd1f51-084f-4259-a769-efa59adb6e31>;<RMD_ADDTIME=
134051822550000000>;<RMD_CHANGETIME=134051822550000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14065>;<RMD_ORIGINATING_USN=14065>;<RMD_VERS
ION=4>;CN=User Policy,CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=User Policy\\0ADEL:66bd1f51-084f-4259-a769-efa59adb6e31,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
WARNING: target DN is deleted for msDS-AssignedAuthNPolicySilo in object CN=bob,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=1a1e5cdf-b92e-4a80-bc35-cccad8e9f865>;<RMD_ADDT
IME=134051822560000000>;<RMD_CHANGETIME=134051822560000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14085>;<RMD_ORIGINATING_USN=14085>;<RMD_
VERSION=4>;CN=QA,CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=QA\\0ADEL:1a1e5cdf-b92e-4a80-bc35-cccad8e9f865,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
Checked 21449 objects (4 errors)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---

diff --git a/python/samba/tests/samba_tool/user_auth_policy.py b/python/samba/tests/samba_tool/user_auth_policy.py
index 035a1f2941f..65ce8d8455f 100644
--- a/python/samba/tests/samba_tool/user_auth_policy.py
+++ b/python/samba/tests/samba_tool/user_auth_policy.py
@@ -26,61 +26,126 @@ from .silo_base import SiloTest
 
 
 class AuthPolicyCmdTestCase(SiloTest):
+
+    def setUp(self):
+        super().setUp()
+        # Create random test users
+        self.user1 = self.randomName()
+        self.user2 = self.randomName()
+        self.user3 = self.randomName()
+
+        # Create the users with random passwords
+        password = self.random_password()
+        self.runcmd("user", "add", self.user1, password)
+        self.runcmd("user", "add", self.user2, password)
+        self.runcmd("user", "add", self.user3, password)
+
+    def tearDown(self):
+        # Remove policy assignments before deleting users
+        # (ignore errors if no assignment exists)
+        self.runcmd("user", "auth", "policy", "remove", self.user1)
+        self.runcmd("user", "auth", "policy", "remove", self.user2)
+
+        # Delete the random test users
+        self.runcmd("user", "delete", self.user1)
+        self.runcmd("user", "delete", self.user2)
+        self.runcmd("user", "delete", self.user3)
+        super().tearDown()
+
     def test_assign(self):
         """Test assigning an authentication policy to a user."""
-        self.addCleanup(self.runcmd, "user", "auth", "policy", "remove", "alice")
-        result, out, err = self.runcmd("user", "auth", "policy", "assign",
-                                       "alice", "--policy", "User Policy")
+        self.addCleanup(
+            self.runcmd, "user", "auth", "policy", "remove", self.user1
+        )
+        result, out, err = self.runcmd(
+            "user",
+            "auth",
+            "policy",
+            "assign",
+            self.user1,
+            "--policy",
+            "User Policy",
+        )
         self.assertIsNone(result, msg=err)
 
-        # Assigned policy should be 'Developers'
-        user = User.get(self.samdb, account_name="alice")
+        # Assigned policy should be 'User Policy'
+        user = User.get(self.samdb, account_name=self.user1)
         policy = AuthenticationPolicy.get(self.samdb, dn=user.assigned_policy)
         self.assertEqual(policy.name, "User Policy")
 
     def test_assign__invalid_policy(self):
-        """Test assigning a non-existing authentication policy to a user."""
-        result, out, err = self.runcmd("user", "auth", "policy", "assign",
-                                       "alice", "--policy", "doesNotExist")
+        """Test assigning a non-existing authentication policy."""
+        result, out, err = self.runcmd(
+            "user",
+            "auth",
+            "policy",
+            "assign",
+            self.user1,
+            "--policy",
+            "doesNotExist",
+        )
         self.assertEqual(result, -1)
         self.assertIn("Authentication policy doesNotExist not found.", err)
 
     def test_remove(self):
-        """Test removing the assigned authentication policy from a user."""
+        """Test removing the assigned authentication policy."""
         # First assign a policy, so we can test removing it.
-        self.runcmd("user", "auth", "policy", "assign", "bob", "--policy",
-                    "User Policy")
+        self.runcmd(
+            "user",
+            "auth",
+            "policy",
+            "assign",
+            self.user2,
+            "--policy",
+            "User Policy",
+        )
 
         # Assigned policy should be set
-        user = User.get(self.samdb, account_name="bob")
+        user = User.get(self.samdb, account_name=self.user2)
         self.assertIsNotNone(user.assigned_policy)
 
         # Now try removing it
-        result, out, err = self.runcmd("user", "auth", "policy", "remove",
-                                       "bob")
+        result, out, err = self.runcmd(
+            "user", "auth", "policy", "remove", self.user2
+        )
         self.assertIsNone(result, msg=err)
 
         # Assigned policy should be None
-        user = User.get(self.samdb, account_name="bob")
+        user = User.get(self.samdb, account_name=self.user2)
         self.assertIsNone(user.assigned_policy)
 
     def test_view(self):
-        """Test viewing the current assigned authentication policy on a user."""
+        """Test viewing the assigned authentication policy."""
         # Assign a policy on one of the users.
-        self.addCleanup(self.runcmd, "user", "auth", "policy", "remove", "bob")
-        self.runcmd("user", "auth", "policy", "assign", "bob", "--policy",
-                    "User Policy")
+        self.addCleanup(
+            self.runcmd, "user", "auth", "policy", "remove", self.user2
+        )
+        self.runcmd(
+            "user",
+            "auth",
+            "policy",
+            "assign",
+            self.user2,
+            "--policy",
+            "User Policy",
+        )
 
         # Test user with a policy assigned.
-        result, out, err = self.runcmd("user", "auth", "policy", "view",
-                                       "bob")
+        result, out, err = self.runcmd(
+            "user", "auth", "policy", "view", self.user2
+        )
         self.assertIsNone(result, msg=err)
         self.assertEqual(
-            out, "User bob assigned to authentication policy User Policy\n")
+            out,
+            f"User {self.user2} assigned to authentication policy "
+            f"User Policy\n",
+        )
 
         # Test user without a policy assigned.
-        result, out, err = self.runcmd("user", "auth", "policy", "view",
-                                       "joe")
+        result, out, err = self.runcmd(
+            "user", "auth", "policy", "view", self.user3
+        )
         self.assertIsNone(result, msg=err)
         self.assertEqual(
-            out, "User joe has no assigned authentication policy.\n")
+            out, f"User {self.user3} has no assigned authentication policy.\n"
+        )