def test_sudo_rule_restricted_to_one_hostmask_setup(self): # We need to detect the hostmask first full_ip = util.get_host_ip_with_hostmask(self.client) # Make a note for the next test, which needs to be skipped # if hostmask detection failed self.__class__.skip_hostmask_based = False if not full_ip: self.__class__.skip_hostmask_based = True raise pytest.skip("Hostmask could not be detected") self.master.run_command(['ipa', '-n', 'sudorule-add-host', 'testrule', '--hostmask', full_ip]) # SSSD >= 1.13.3-3 uses native IPA schema instead of compat entries to # pull in sudoers. Since native schema does not (yet) support # hostmasks, we need to point ldap_sudo_search_base to the old schema domain = self.client.domain modify_sssd_conf( self.client, domain.name, { 'ldap_sudo_search_base': 'ou=sudoers,{}'.format(domain.basedn) }, provider_subtype='sudo' )
def test_sudo_rule_restricted_to_one_hostmask_setup(self): # We need to detect the hostmask first full_ip = util.get_host_ip_with_hostmask(self.client) # Make a note for the next test, which needs to be skipped # if hostmask detection failed self.__class__.skip_hostmask_based = False if not full_ip: self.__class__.skip_hostmask_based = True raise pytest.skip("Hostmask could not be detected") self.master.run_command([ 'ipa', '-n', 'sudorule-add-host', 'testrule', '--hostmask', full_ip ]) # SSSD >= 1.13.3-3 uses native IPA schema instead of compat entries to # pull in sudoers. Since native schema does not (yet) support # hostmasks, we need to point ldap_sudo_search_base to the old schema domain = self.client.domain modify_sssd_conf( self.client, domain.name, {'ldap_sudo_search_base': 'ou=sudoers,{}'.format(domain.basedn)}, provider_subtype='sudo')
def test_sudo_rule_restricted_to_one_hostmask_negative_teardown(self): # Remove the master's hostmask from the rule ip = self.master.ip self.master.run_command([ 'ipa', '-n', 'sudorule-remove-host', 'testrule', '--hostmask', '%s/32' % ip ]) # reset ldap_sudo_search_base back to the default value, the old # schema is not needed for the upcoming tests domain = self.client.domain modify_sssd_conf(self.client, domain.name, {'ldap_sudo_search_base': None}, provider_subtype='sudo')
def test_sudo_rule_restricted_to_one_hostmask_negative_teardown(self): # Remove the master's hostmask from the rule ip = self.master.ip self.master.run_command(['ipa', '-n', 'sudorule-remove-host', 'testrule', '--hostmask', '%s/32' % ip]) # reset ldap_sudo_search_base back to the default value, the old # schema is not needed for the upcoming tests domain = self.client.domain modify_sssd_conf( self.client, domain.name, { 'ldap_sudo_search_base': None }, provider_subtype='sudo' )