def test_sudo_rule_restricted_to_one_hostmask_setup(self): # We need to detect the hostmask first full_ip = util.get_host_ip_with_hostmask(self.client) # Make a note for the next test, which needs to be skipped # if hostmask detection failed self.__class__.skip_hostmask_based = False if not full_ip: self.__class__.skip_hostmask_based = True raise pytest.skip("Hostmask could not be detected") self.master.run_command(['ipa', '-n', 'sudorule-add-host', 'testrule', '--hostmask', full_ip]) # SSSD >= 1.13.3-3 uses native IPA schema instead of compat entries to # pull in sudoers. Since native schema does not (yet) support # hostmasks, we need to point ldap_sudo_search_base to the old schema domain = self.client.domain modify_sssd_conf( self.client, domain.name, { 'ldap_sudo_search_base': 'ou=sudoers,{}'.format(domain.basedn) }, provider_subtype='sudo' )
def test_sudo_rule_restricted_to_one_hostmask_setup(self): # We need to detect the hostmask first full_ip = util.get_host_ip_with_hostmask(self.client) # Make a note for the next test, which needs to be skipped # if hostmask detection failed self.__class__.skip_hostmask_based = False if not full_ip: self.__class__.skip_hostmask_based = True raise pytest.skip("Hostmask could not be detected") self.master.run_command([ 'ipa', '-n', 'sudorule-add-host', 'testrule', '--hostmask', full_ip ]) # SSSD >= 1.13.3-3 uses native IPA schema instead of compat entries to # pull in sudoers. Since native schema does not (yet) support # hostmasks, we need to point ldap_sudo_search_base to the old schema domain = self.client.domain modify_sssd_conf( self.client, domain.name, {'ldap_sudo_search_base': 'ou=sudoers,{}'.format(domain.basedn)}, provider_subtype='sudo')
def test_sudo_rule_restricted_to_one_hostmask_teardown(self): if self.__class__.skip_hostmask_based: raise pytest.skip("Hostmask could not be detected") # Detect the hostmask first to delete the hostmask based rule full_ip = util.get_host_ip_with_hostmask(self.client) # Remove the client's hostmask from the rule self.master.run_command(['ipa', '-n', 'sudorule-remove-host', 'testrule', '--hostmask', full_ip])
def test_sudo_rule_restricted_to_one_hostmask_teardown(self): if self.__class__.skip_hostmask_based: raise pytest.skip("Hostmask could not be detected") # Detect the hostmask first to delete the hostmask based rule full_ip = util.get_host_ip_with_hostmask(self.client) # Remove the client's hostmask from the rule self.master.run_command([ 'ipa', '-n', 'sudorule-remove-host', 'testrule', '--hostmask', full_ip ])