feat: Add sssd custom settings

[brakkio86]

Enhancement: allow sssd custom settings

Reason: sssd.conf is fixed and not costumizable

Result:

Issue Tracker Tickets (Jira or BZ if any):

[richm]

Thanks - looks useful - @justin-stephenson wdyt?

since ad_integration_sssd_custom_settings is part of the public interface, it needs the following:

• defined in defaults/main.yml with a default value e.g. ad_integration_sssd_custom_settings: []
• described in README.md
• some sort of test for this - specify ad_integration_sssd_custom_settings, confirm that they are in sssd.conf

[justin-stephenson]

I am good with allowing custom sssd options for this role.

[brakkio86]

Hello @richm,
I've added the default section and described in readme. What do you mean with "some sort of test for this - specify ad_integration_sssd_custom_settings, confirm that they are in sssd.conf"? In my opinion, module community.general.ini_file already do that. Or do you mean something else?

[richm]

Hello @richm, I've added the default section and described in readme. What do you mean with "some sort of test for this - specify ad_integration_sssd_custom_settings, confirm that they are in sssd.conf"? In my opinion, module community.general.ini_file already do that. Or do you mean something else?

For example - take a look at https://github.com/linux-system-roles/ad_integration/blob/main/tests/tests_dyndns.yml - in fact, IMO you could change this test - add ad_integration_sssd_custom_settings: with one setting to vars:, and check for it in the Test - Verify sssd.conf options were written task. I realize it may seem like we are testing the workings of the ini_file module, but our QE is going to want to ensure that the parameter was indeed written to the config file, and would strongly prefer an automated way to do that, rather than having to manually inspect the resulting file.

[brakkio86]

Hello, I've wrote a test. @richm what do you think?

[brakkio86]

I've modified the code in order to remove the specified custom parameters. Is it ok now?

[richm]

[citest]

[richm]

In addition to the other suggested changes, change handlers/main.yml like this:

   loop: "{{ __ad_integration_services }}"
+  when: not __ad_integration_test_sssd_config_only | d(false)

that way the handler notifications won't actually attempt to restart realmd or sssd when the config files are changed, and we only want to test the config files

[brakkio86]

@richm What is the porpouse of the variable __ad_integration_test_sssd_config_only?

[brakkio86]

In addition to the other suggested changes, change handlers/main.yml like this:

   loop: "{{ __ad_integration_services }}"
+  when: not __ad_integration_test_sssd_config_only | d(false)

that way the handler notifications won't actually attempt to restart realmd or sssd when the config files are changed, and we only want to test the config files

Done as you suggest.

[brakkio86]

@richm What is the porpouse of the variable __ad_integration_test_sssd_config_only?

Ignore it, I found the answer by myself

[richm]

[citest]

[richm]

note - I'm going to merge this even though ansible 2.9 tests are broken - the problem is that the ini lookup works differently in 2.9 and later, and 2.9 tries to evaluate the 2.x lookup call, even if excluded by a when - so I need to figure out how we will test this with 2.9 (and this applies to the dyndns support as well - I will refactor that too).

[richm]

@brakkio86 can you give me some examples of settings that you need to set in sssd.conf in order for ad_integration to work in your environment? We would like to add some tests for this feature, but we want to know some settings to apply to sssd.conf