sssd: adjust permissions on functional tests & tidyup

- Reorganized the logic so all artifacts needed are downloaded
  on start.
- Copying with permissions is now done with 'install'.
- DRY-up docker/podman run command.

Addresses: poo#138989

tests/console/sssd_389ds_functional.pm

@@ -54,13 +54,33 @@ sub run {
     systemctl("enable --now $docker") if ($docker eq "docker");
     #build image, create container, setup 389-ds database and import testing data
     assert_script_run("mkdir /tmp/sssd && cd /tmp/sssd");
-    assert_script_run("curl " . "--remote-name-all " . data_url("sssd/398-ds/{user_389.ldif,access.ldif,Dockerfile_$docker,instance_389.inf}"));
+
+    my @artifacts = qw(
+      user_389.ldif
+      access.ldif
+      instance_389.inf
+      sssd.conf
+      nsswitch.conf
+      config
+    );
+
+    @artifacts = (@artifacts, ("Dockerfile_$docker"));    # qw doesn't do interpolation.
+
+    # Download all the artifacts to current dir, permissions will be handled by install commands below.
+    my $data_url = sprintf("sssd/398-ds/{%s}", join(',', @artifacts));
+    assert_script_run("curl --remote-name-all " . data_url($data_url));
+
     assert_script_run(qq(sed -i '/gpg-auto-import-keys/i\\RUN zypper rr SLE_BCI' Dockerfile_$docker)) if (check_var('BETA', '1'));
     assert_script_run(qq($docker build -t ds389_image --build-arg tag="$tag" --build-arg pkgs="$pkgs" -f Dockerfile_$docker .), timeout => 600);
-    assert_script_run(
-"$docker run -itd --shm-size=256m --name ds389_container --hostname ldapserver --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --restart=always ds389_image"
-    ) if ($docker eq "docker");
-    assert_script_run("$docker run -itd --shm-size=256m --name ds389_container --hostname ldapserver ds389_image") if ($docker eq "podman");
+
+    my $container_run_389_ds = "$docker run -itd --shm-size=256m --name ds389_container --hostname ldapserver";
+
+    if ($docker eq "docker") {
+        $container_run_389_ds .= " --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --restart=always";
+    }
+
+    assert_script_run("$container_run_389_ds ds389_image");
+
     assert_script_run("$docker exec ds389_container chown dirsrv:dirsrv /var/lib/dirsrv");
     assert_script_run("$docker exec ds389_container sed -n '/ldapserver/p' /etc/hosts >> /etc/hosts");
     assert_script_run("$docker exec ds389_container dscreate from-file /tmp/instance_389.inf");
@@ -70,9 +90,11 @@ sub run {
     # Configure sssd on the host side
     assert_script_run('mkdir -p /etc/sssd/');
     assert_script_run("$docker cp ds389_container:/etc/dirsrv/slapd-frist389/ca.crt /etc/sssd/ldapserver.crt");
-    assert_script_run("curl " . data_url("sssd/398-ds/sssd.conf") . " -o /etc/sssd/sssd.conf");
-    assert_script_run("curl " . data_url("sssd/398-ds/nsswitch.conf") . " -o /etc/nsswitch.conf");
-    assert_script_run("curl " . data_url("sssd/398-ds/config") . " --create-dirs -o ~/.ssh/config");
+
+    assert_script_run("install --mode 0600 -D ./sssd.conf /etc/sssd/sssd.conf");
+    assert_script_run("install --mode 0600 -D ./nsswitch.conf /etc/nsswitch.conf");
+    assert_script_run("install --mode 0600 -D ./config ~/.ssh/config");
+
     systemctl("disable --now nscd.service");
     systemctl("enable --now sssd.service");