Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sssd: adjust permissions on functional tests & tidyup #18126

Merged
merged 1 commit into from
Dec 6, 2023
Merged

sssd: adjust permissions on functional tests & tidyup #18126

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
44 changes: 35 additions & 9 deletions tests/console/sssd_389ds_functional.pm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,13 +54,36 @@ sub run {
systemctl("enable --now $docker") if ($docker eq "docker");
#build image, create container, setup 389-ds database and import testing data
assert_script_run("mkdir /tmp/sssd && cd /tmp/sssd");
assert_script_run("curl " . "--remote-name-all " . data_url("sssd/398-ds/{user_389.ldif,access.ldif,Dockerfile_$docker,instance_389.inf}"));

my @artifacts = qw(
user_389.ldif
access.ldif
instance_389.inf
sssd.conf
nsswitch.conf
config
);

push(@artifacts, "Dockerfile_$docker"); # qw doesn't do interpolation.

# Download all the artifacts to current dir, permissions will be handled by install commands below.
my $data_url = sprintf("sssd/398-ds/{%s}", join(',', @artifacts));
assert_script_run("curl --remote-name-all " . data_url($data_url));

assert_script_run(qq(sed -i '/gpg-auto-import-keys/i\\RUN zypper rr SLE_BCI' Dockerfile_$docker)) if (check_var('BETA', '1'));
assert_script_run(qq($docker build -t ds389_image --build-arg tag="$tag" --build-arg pkgs="$pkgs" -f Dockerfile_$docker .), timeout => 600);
assert_script_run(
"$docker run -itd --shm-size=256m --name ds389_container --hostname ldapserver --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --restart=always ds389_image"
) if ($docker eq "docker");
assert_script_run("$docker run -itd --shm-size=256m --name ds389_container --hostname ldapserver ds389_image") if ($docker eq "podman");

# Cleanup the container in case a previous run did not cleanup properly, no need to assert
script_run(qq($docker rm -f ds389_container));

my $container_run_389_ds = "$docker run -itd --shm-size=256m --name ds389_container --hostname ldapserver";

if ($docker eq "docker") {
$container_run_389_ds .= " --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --restart=always";
}

assert_script_run("$container_run_389_ds ds389_image");

assert_script_run("$docker exec ds389_container chown dirsrv:dirsrv /var/lib/dirsrv");
assert_script_run("$docker exec ds389_container sed -n '/ldapserver/p' /etc/hosts >> /etc/hosts");
assert_script_run("$docker exec ds389_container dscreate from-file /tmp/instance_389.inf");
Expand All @@ -70,9 +93,12 @@ sub run {
# Configure sssd on the host side
assert_script_run('mkdir -p /etc/sssd/');
assert_script_run("$docker cp ds389_container:/etc/dirsrv/slapd-frist389/ca.crt /etc/sssd/ldapserver.crt");
assert_script_run("curl " . data_url("sssd/398-ds/sssd.conf") . " -o /etc/sssd/sssd.conf");
assert_script_run("curl " . data_url("sssd/398-ds/nsswitch.conf") . " -o /etc/nsswitch.conf");
assert_script_run("curl " . data_url("sssd/398-ds/config") . " --create-dirs -o ~/.ssh/config");

# nssswitch must be readable by all users
assert_script_run("install --mode 0644 -D ./nsswitch.conf /etc/nsswitch.conf");
assert_script_run("install --mode 0600 -D ./sssd.conf /etc/sssd/sssd.conf");
assert_script_run("install --mode 0600 -D ./config ~/.ssh/config");

systemctl("disable --now nscd.service");
systemctl("enable --now sssd.service");

Expand Down Expand Up @@ -113,7 +139,7 @@ sub run {
validate_script_output('cat /tmp/passwdback', sub { m/Password changed back/ });

#offline identity lookup and authentification
assert_script_run("$docker stop ds389_container") if ($docker eq "docker");
assert_script_run("$docker stop ds389_container");
#offline cached remote user indentity lookup
validate_script_output("id alice", sub { m/uid=9998\(alice\)/ });
#offline remote user authentification test
Expand Down