def test_sudo_rule_restricted_to_one_hostmask_setup(self): # We need to detect the hostmask first full_ip = get_host_ip_with_hostmask(self.client) # Make a note for the next test, which needs to be skipped # if hostmask detection failed self.__class__.skip_hostmask_based = False if not full_ip: self.__class__.skip_hostmask_based = True raise pytest.skip("Hostmask could not be detected") self.master.run_command(['ipa', '-n', 'sudorule-add-host', 'testrule', '--hostmask', full_ip]) # SSSD >= 1.13.3-3 uses native IPA schema instead of compat entries to # pull in sudoers. Since native schema does not (yet) support # hostmasks, we need to point ldap_sudo_search_base to the old schema self.__class__.client_sssd_conf_backup = FileBackup( self.client, paths.SSSD_CONF) domain = self.client.domain with remote_sssd_config(self.client) as sssd_conf: sssd_conf.edit_domain(domain, 'sudo_provider', 'ipa') sssd_conf.edit_domain(domain, 'ldap_sudo_search_base', 'ou=sudoers,{}'.format(domain.basedn))
def test_sudo_rule_restricted_to_one_hostmask_teardown(self): if self.__class__.skip_hostmask_based: raise pytest.skip("Hostmask could not be detected") # Detect the hostmask first to delete the hostmask based rule full_ip = get_host_ip_with_hostmask(self.client) # Remove the client's hostmask from the rule self.master.run_command(['ipa', '-n', 'sudorule-remove-host', 'testrule', '--hostmask', full_ip])