def test_sudo_rule_restricted_to_one_hostmask_setup(self):
# We need to detect the hostmask first
full_ip = util.get_host_ip_with_hostmask(self.client)
# Make a note for the next test, which needs to be skipped
# if hostmask detection failed
self.__class__.skip_hostmask_based = False
if not full_ip:
self.__class__.skip_hostmask_based = True
raise pytest.skip("Hostmask could not be detected")
self.master.run_command(['ipa', '-n', 'sudorule-add-host',
'testrule',
'--hostmask', full_ip])
# SSSD >= 1.13.3-3 uses native IPA schema instead of compat entries to
# pull in sudoers. Since native schema does not (yet) support
# hostmasks, we need to point ldap_sudo_search_base to the old schema
domain = self.client.domain
modify_sssd_conf(
self.client,
domain.name,
{
'ldap_sudo_search_base': 'ou=sudoers,{}'.format(domain.basedn)
},
provider_subtype='sudo'
)
def test_sudo_rule_restricted_to_one_hostmask_setup(self):
# We need to detect the hostmask first
full_ip = util.get_host_ip_with_hostmask(self.client)
# Make a note for the next test, which needs to be skipped
# if hostmask detection failed
self.__class__.skip_hostmask_based = False
if not full_ip:
self.__class__.skip_hostmask_based = True
raise pytest.skip("Hostmask could not be detected")
self.master.run_command([
'ipa', '-n', 'sudorule-add-host', 'testrule', '--hostmask', full_ip
])
# SSSD >= 1.13.3-3 uses native IPA schema instead of compat entries to
# pull in sudoers. Since native schema does not (yet) support
# hostmasks, we need to point ldap_sudo_search_base to the old schema
domain = self.client.domain
modify_sssd_conf(
self.client,
domain.name,
{'ldap_sudo_search_base': 'ou=sudoers,{}'.format(domain.basedn)},
provider_subtype='sudo')
def test_sudo_rule_restricted_to_one_hostmask_negative_teardown(self):
# Remove the master's hostmask from the rule
ip = self.master.ip
self.master.run_command([
'ipa', '-n', 'sudorule-remove-host', 'testrule', '--hostmask',
'%s/32' % ip
])
# reset ldap_sudo_search_base back to the default value, the old
# schema is not needed for the upcoming tests
domain = self.client.domain
modify_sssd_conf(self.client,
domain.name, {'ldap_sudo_search_base': None},
provider_subtype='sudo')
def test_sudo_rule_restricted_to_one_hostmask_negative_teardown(self):
# Remove the master's hostmask from the rule
ip = self.master.ip
self.master.run_command(['ipa', '-n', 'sudorule-remove-host',
'testrule',
'--hostmask', '%s/32' % ip])
# reset ldap_sudo_search_base back to the default value, the old
# schema is not needed for the upcoming tests
domain = self.client.domain
modify_sssd_conf(
self.client,
domain.name,
{
'ldap_sudo_search_base': None
},
provider_subtype='sudo'
)
