From c73d8de10871f1fbb0e22ed6f8fe14f05e644eee Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 25 Jan 2024 15:02:48 -0500 Subject: [PATCH] Support with-tlog authselect feature authselect removes with-files-domain feature in F40+/RHEL10+, it is replace with the 'with-tlog' feature. --- tasks/main.yml | 13 +++++++++++-- tests/check_sssd_with_tlog.yml | 30 ++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 tests/check_sssd_with_tlog.yml diff --git a/tasks/main.yml b/tasks/main.yml index 4355b16..1b17e22 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -73,16 +73,25 @@ when: tlog_use_sssd notify: Handler tlog_handler restart sssd -- name: Check with-files-domain feature exists +- name: Check appropriate authselect features exists command: authselect list-features sssd register: __tlog_authselect_features changed_when: false -- name: Check if files domain is currently enabled +- name: Enable authselect profile with tlog feature + command: authselect select sssd with-tlog --force + when: + - not ansible_check_mode + - tlog_use_sssd | bool + - '"with-tlog" in __tlog_authselect_features.stdout' + +- name: Check which authselect features are currently enabled command: authselect current register: __tlog_authselect_current changed_when: false failed_when: __tlog_authselect_current.rc not in [0, 2] + notify: Handler tlog_handler restart sssd + changed_when: true - name: Update nsswitch command: authselect select sssd with-files-domain --force diff --git a/tests/check_sssd_with_tlog.yml b/tests/check_sssd_with_tlog.yml new file mode 100644 index 0000000..a1df71b --- /dev/null +++ b/tests/check_sssd_with_tlog.yml 
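Review bot: The added `notify: Handler tlog_handler restart sssd` and `changed_when: true` appear (judging by line order, since indentation is lost on this page) to land on the read-only `authselect current` task, which already carries `changed_when: false`. The key is then duplicated and the last value normally wins, so the query would report changed and restart sssd on every run; the two lines look intended for the new "Enable authselect profile with tlog feature" task, which has neither. That task also runs `authselect select sssd with-tlog --force` whenever the feature is listed, before the current selection is read. As far as authselect's documented behaviour goes, `select` replaces the whole feature list, so features already enabled on the host, such as `with-faillock` or `with-sudo`, would be dropped and local edits overwritten by `--force`. Consider moving the `authselect current` query above it, adding `- '"with-tlog" not in __tlog_authselect_current.stdout'` to its `when:`, and carrying the existing features into the command; the "Update nsswitch" task at the end of the hunk continues outside it.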
@@ -0,0 +1,30 @@
+---
+- name: Test support of authselect with-tlog support
+ hosts: all
+ tasks:
+ - name: Check with-tlog feature exists
+ command: authselect list-features sssd
+ register: __tlog_authselect_features
+ changed_when: false
+
+ - name: Check if with-tlog authselect feature is currently enabled
+ command: authselect current
+ register: __tlog_authselect_current
+ changed_when: false
+ failed_when: __tlog_authselect_current.rc not in [0, 2]
+
+ - name: Read nsswitch.conf
+ slurp:
+ src: /etc/nsswitch.conf
+ register: __nsswitch_slurp
+
+ - name: Decode nsswitch content
+ set_fact:
+ __nsswitch_contents: "{{ __nsswitch_slurp['content'] | b64decode }}"
+
+ - name: Check if with tlog authselect feature enabled and nsswitch set correctly
+ assert:
+ that:
+ - __nsswitch_contents | regex_search('^passwd:\\s+sss', multiline=True)
+ - '"with-tlog" in __tlog_authselect_current.stdout'
+ when: - '"with-tlog" in __tlog_authselect_features.stdout'
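Review bot: Nothing in this new play applies the role before the checks: the tasks only query `authselect list-features sssd`, `authselect current` and `/etc/nsswitch.conf`. On a host where `with-tlog` is available, the assert on `"with-tlog" in __tlog_authselect_current.stdout` therefore depends on state left by something else. Unless another playbook not shown here runs the role first, add an initial task that includes the role with `tlog_use_sssd: true`, for example `include_role:` with `name: <ROLE_NAME>`. A comment above the final `when:`, such as `# assert is skipped when authselect does not list with-tlog`, would also make the silent pass on those hosts explicit.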