From 9003a4eb8f049ac66fea7c75ab67f91951dce293 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 25 Jan 2024 15:02:48 -0500 Subject: [PATCH] Support with-tlog authselect feature authselect removes with-files-domain feature in F40+/RHEL10+, it is replace with the 'with-tlog' feature. --- tasks/main.yml | 13 +++++++++++-- tests/check_sssd_with_tlog.yml | 27 +++++++++++++++++++++++++++ tests/tests_sssd.yml | 8 +++++++- 3 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 tests/check_sssd_with_tlog.yml diff --git a/tasks/main.yml b/tasks/main.yml index 4355b16..1b17e22 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -73,16 +73,25 @@ when: tlog_use_sssd notify: Handler tlog_handler restart sssd -- name: Check with-files-domain feature exists +- name: Check appropriate authselect features exists command: authselect list-features sssd register: __tlog_authselect_features changed_when: false -- name: Check if files domain is currently enabled +- name: Enable authselect profile with tlog feature + command: authselect select sssd with-tlog --force + when: + - not ansible_check_mode + - tlog_use_sssd | bool + - '"with-tlog" in __tlog_authselect_features.stdout' + +- name: Check which authselect features are currently enabled command: authselect current register: __tlog_authselect_current changed_when: false failed_when: __tlog_authselect_current.rc not in [0, 2] + notify: Handler tlog_handler restart sssd + changed_when: true - name: Update nsswitch command: authselect select sssd with-files-domain --force diff --git a/tests/check_sssd_with_tlog.yml b/tests/check_sssd_with_tlog.yml new file mode 100644 index 0000000..d150a48 --- /dev/null +++ b/tests/check_sssd_with_tlog.yml 
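Review bot: The added `notify: Handler tlog_handler restart sssd` and `changed_when: true` land on the `authselect current` task, which already carries `changed_when: false`, so that task ends up with a duplicate `changed_when` key. Ansible keeps the last value of a duplicate key, so this read-only query would report changed and restart sssd on every run, while the task that actually modifies the system, `authselect select sssd with-tlog --force`, notifies nothing. The two lines look intended for the "Enable authselect profile with tlog feature" task; moving them there, and running `authselect current` before it so the select can also be gated on `'"with-tlog" not in __tlog_authselect_current.stdout'`, would keep the play idempotent. Separately, `authselect select` activates only the features listed and `--force` overwrites configuration that authselect did not write, so features an administrator enabled earlier (for example `with-faillock`) would be dropped on each run; a comment stating that, or carrying over the features reported by `authselect current`, would make the trade-off explicit. The "Update nsswitch" task at the end of the hunk continues outside it.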
@@ -0,0 +1,27 @@ +--- +- name: Check with-tlog feature exists + command: authselect list-features sssd + register: __tlog_authselect_features + changed_when: false + +- name: Check if with-tlog authselect feature is currently enabled + command: authselect current + register: __tlog_authselect_current + changed_when: false + failed_when: __tlog_authselect_current.rc not in [0, 2] + +- name: Read nsswitch.conf + slurp: + src: /etc/nsswitch.conf + register: __nsswitch_slurp + +- name: Decode nsswitch content + set_fact: + __nsswitch_contents: "{{ __nsswitch_slurp['content'] | b64decode }}" + +- name: Check if with tlog authselect feature enabled and nsswitch set correctly + assert: + that: + - __nsswitch_contents | regex_search('^passwd:\\s+sss', multiline=True) + - '"with-tlog" in __tlog_authselect_current.stdout' + when: - '"with-tlog" in __tlog_authselect_features.stdout' diff --git a/tests/tests_sssd.yml b/tests/tests_sssd.yml index 6b0c785..da3943d 100644 --- a/tests/tests_sssd.yml +++ b/tests/tests_sssd.yml @@ -19,7 +19,13 @@ vars: tlog_scope_sssd: all - - name: Check sssd files provider setup properly + - name: Check sssd authselect with tlog setup properly + import_tasks: check_sssd_with_tlog.yml + + - name: Run sssd tests + import_tasks: run_sssd_tests.yml + + - name: Check authselect files provider setup properly import_tasks: check_sssd_files_provider.yml - name: Run sssd tests
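Review bot: The last task's condition is written on a single line as `when: - '"with-tlog" in __tlog_authselect_features.stdout'`, and a block sequence entry cannot follow a mapping key on the same line, so this new file will most likely fail to parse; the `+1,27` count in the hunk header is consistent with it being one line rather than two. Writing it as `when: '"with-tlog" in __tlog_authselect_features.stdout'`, or putting the list item on its own indented line under `when:`, fixes it. Since the assert is skipped entirely when the feature is absent, a short comment above the task saying the check is a no-op on hosts whose authselect lacks `with-tlog` would help a reader tell a skipped run from a passing one.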
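Review bot: The play now imports `run_sssd_tests.yml` under the name "Run sssd tests" twice, once after the new with-tlog check and, judging by the trailing context line, again after the files-provider check, with only read-only checks visible in between. If the second run is meant to cover a different configuration, distinct names such as `Run sssd tests after with-tlog check` would make a failure attributable to one of them; if not, the added import looks redundant. The final "Run sssd tests" task continues outside the hunk, so its body could not be confirmed.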