Skip to content

[Test case] Fix test_authorization does not wait long enough before running 'show aaa' #7834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lerry-lee merged 2 commits into from
Mar 23, 2023
Merged

[Test case] Fix test_authorization does not wait long enough before running 'show aaa' #7834

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b097208
Use wait_until to execute show aaa cmd, instead of sleep
lerry-lee Mar 23, 2023
229ca82
remove sleep, move comments
lerry-lee Mar 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 19 additions & 9 deletions tests/tacacs/test_authorization.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
import paramiko
import time
import pytest
from _pytest.outcomes import Failed

from tests.tacacs.utils import stop_tacacs_server, start_tacacs_server
from tests.tacacs.utils import per_command_check_skip_versions, remove_all_tacacs_server, get_ld_path
from tests.common.helpers.assertions import pytest_assert
from tests.common.utilities import skip_release
from tests.common.utilities import skip_release, wait_until

pytestmark = [
pytest.mark.disable_loganalyzer,
Expand Down Expand Up @@ -113,15 +114,29 @@ def setup_authorization_tacacs_local(duthosts, enum_rand_one_per_hwsku_hostname)
duthost.shell("sudo config aaa authorization local") # Default authorization method is local


def verify_show_aaa(remote_user_client):
exit_code, stdout, stderr = ssh_run_command(remote_user_client, "show aaa")
if exit_code != 0:
return False

try:
check_ssh_output(stdout, 'AAA authentication')
return True
except Failed:
return False


def check_authorization_tacacs_only(duthosts, enum_rand_one_per_hwsku_hostname, tacacs_creds, remote_user_client):
duthost = duthosts[enum_rand_one_per_hwsku_hostname]
"""
Verify TACACS+ user run command in server side whitelist:
If command have local permission, user can run command.
"""
exit_code, stdout, stderr = ssh_run_command(remote_user_client, "show aaa")
pytest_assert(exit_code == 0)
check_ssh_output(stdout, 'AAA authentication')
# The "config tacacs add" commands will trigger hostcfgd to regenerate tacacs config.
# If we immediately run "show aaa" command, the client may still be using the first invalid tacacs server.
# The second valid tacacs may not take effect yet. Wait some time for the valid tacacs server to take effect.
succeeded = wait_until(10, 1, 0, verify_show_aaa, remote_user_client)
pytest_assert(succeeded)

exit_code, stdout, stderr = ssh_run_command(remote_user_client, "config aaa")
pytest_assert(exit_code == 1)
Expand Down Expand Up @@ -163,11 +178,6 @@ def test_authorization_tacacs_only_some_server_down(
duthost.shell("sudo config tacacs add %s" % invalid_tacacs_server_ip)
duthost.shell("sudo config tacacs add %s" % tacacs_server_ip)

# The above "config tacacs add" commands will trigger hostcfgd to regenerate tacacs config.
# If we immediately run "show aaa" command, the client may still be using the first invalid tacacs server.
# The second valid tacacs may not take effect yet. Wait some time for the valid tacacs server to take effect.
time.sleep(2)

"""
Verify TACACS+ user run command in server side whitelist:
If command have local permission, user can run command.
Expand Down