URL: https://github.com/freeipa/freeipa/pull/5804 Author: abbra Title: #5804: [Backport][ipa-4-9] ipatests: Fetch sudo rules without time offset Action: opened
PR body: """ This PR was opened automatically because PR #5803 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5804/head:pr5804 git checkout pr5804
From d310be00aaf692e6491e087fdb67c3e852104d58 Mon Sep 17 00:00:00 2001 From: Stanislav Levin <s...@altlinux.org> Date: Wed, 2 Jun 2021 17:20:56 +0300 Subject: [PATCH] ipatests: Fetch sudo rules without time offset As of 2.5.0 SSSD introduces a random timeout for the refresh of the SUDO rules [0]. With that change it's no longer possible to immediate fetch of SUDO rules unless the feature is disabled [1]. [0]: https://github.com/SSSD/sssd/issues/5609 [1]: https://github.com/SSSD/sssd/issues/5635 Related: https://pagure.io/freeipa/issue/8844 Signed-off-by: Stanislav Levin <s...@altlinux.org> --- ipatests/ipa-test-task | 2 +- ipatests/pytest_ipa/integration/tasks.py | 35 ++++++++++--------- .../test_integration/test_legacy_clients.py | 2 +- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/ipatests/ipa-test-task b/ipatests/ipa-test-task index 6d165883739..85903214ab5 100755 --- a/ipatests/ipa-test-task +++ b/ipatests/ipa-test-task @@ -436,7 +436,7 @@ class TaskRunner(object): def setup_sssd_debugging(self, args): host = self.get_host(args.host, default=args.domain.master) - tasks.setup_sssd_debugging(host) + tasks.setup_sssd_conf(host) def sync_time(self, args): host = self.get_host(args.host, default=args.domain.master) diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py index 61402bc0d11..22c7ba7827b 100755 --- a/ipatests/pytest_ipa/integration/tasks.py +++ b/ipatests/pytest_ipa/integration/tasks.py @@ -374,7 +374,7 @@ def install_master(host, setup_dns=True, setup_kra=False, setup_adtrust=False, if result.returncode == 0 and not external_ca: # external CA step 1 doesn't have DS and KDC fully configured, yet enable_ds_audit_log(host, 'on') - setup_sssd_debugging(host) + setup_sssd_conf(host) kinit_admin(host) if setup_dns: setup_named_debugging(host) @@ -514,7 +514,7 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False, stdin_text=stdin_text) if result.returncode == 0: enable_ds_audit_log(replica, 'on') - setup_sssd_debugging(replica) + setup_sssd_conf(replica) kinit_admin(replica) if setup_dns: setup_named_debugging(replica) @@ -568,7 +568,7 @@ def install_client(master, client, extra_args=[], user=None, result = client.run_command(args, stdin_text=stdin_text) - setup_sssd_debugging(client) + setup_sssd_conf(client) kinit_admin(client) return result @@ -791,23 +791,26 @@ def configure_auth_to_local_rule(master, ad): master.run_command(['systemctl', 'restart', 'sssd']) -def setup_sssd_debugging(host): +def setup_sssd_conf(host): """ - Sets debug level to 7 in each section of sssd.conf file. + Configures sssd """ + # sssd in not published on PyPI + from SSSDConfig import NoOptionError - # Set debug level in each section of sssd.conf file to 7 - # First, remove any previous occurences - host.run_command(['sed', '-i', - '/debug_level = 7/d', - paths.SSSD_CONF], - raiseonerr=False) + with remote_sssd_config(host) as sssd_config: + # sssd 2.5.0 https://github.com/SSSD/sssd/issues/5635 + try: + sssd_config.edit_domain(host.domain, "ldap_sudo_random_offset", 0) + except NoOptionError: + # sssd doesn't support ldap_sudo_random_offset + pass - # Add the debug directive to each section - host.run_command(['sed', '-i', - r'/\[*\]/ a\debug_level = 7', - paths.SSSD_CONF], - raiseonerr=False) + for sssd_service_name in sssd_config.list_services(): + sssd_config.edit_service(sssd_service_name, "debug_level", 7) + + for sssd_domain_name in sssd_config.list_domains(): + sssd_config.edit_domain(sssd_domain_name, "debug_level", 7) # Clear the cache and restart SSSD clear_sssd_cache(host) diff --git a/ipatests/test_integration/test_legacy_clients.py b/ipatests/test_integration/test_legacy_clients.py index 553256a1699..d3850f983f1 100644 --- a/ipatests/test_integration/test_legacy_clients.py +++ b/ipatests/test_integration/test_legacy_clients.py @@ -543,7 +543,7 @@ class BaseTestSSSDMixin: def test_apply_advice(self): super(BaseTestSSSDMixin, self).test_apply_advice() - tasks.setup_sssd_debugging(self.legacy_client) + tasks.setup_sssd_conf(self.legacy_client) # Tests definitions themselves. Beauty. Just pure beauty.
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure