Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DEENG-491 Support multiple AD backends #467

Merged
merged 23 commits into from
Oct 20, 2022
Merged

DEENG-491 Support multiple AD backends #467

merged 23 commits into from
Oct 20, 2022

Conversation

didrocks
Copy link
Member

This PR are the changes needed for supporting multiple AD backends.

Default backend is SSSd.

@didrocks didrocks requested a review from a team as a code owner October 19, 2022 10:20
@didrocks
Copy link
Member Author

Note: due to the config change, we need to update the documentation. However, the code itself is good for review.

@didrocks
Copy link
Member Author

and documentation is now updated!

@codecov-commenter
Copy link

codecov-commenter commented Oct 19, 2022
edited

Codecov Report

Merging #467 (b76459a) into main (9c4662d) will increase coverage by 0.13%.
The diff coverage is 99.45%.

@@            Coverage Diff             @@
##             main     #467      +/-   ##
==========================================
+ Coverage   83.85%   83.98%   +0.13%     
==========================================
  Files          71       73       +2     
  Lines        7483     7513      +30     
==========================================
+ Hits         6275     6310      +35     
+ Misses        910      907       -3     
+ Partials      298      296       -2
Impacted Files Coverage Δ
internal/adsysservice/adsysservice.go 83.06% <95.00%> (-1.74%) ⬇️
cmd/adsysd/daemon/daemon.go 85.24% <100.00%> (ø)
internal/ad/ad.go 89.70% <100.00%> (+1.01%) ⬆️
internal/ad/backends/mock/mock.go 100.00% <100.00%> (ø)
internal/ad/backends/sss/sss.go 100.00% <100.00%> (ø)
internal/adsysservice/service.go 72.22% <100.00%> (-1.12%) ⬇️
internal/adsysservice/policy.go 71.15% <0.00%> (-5.77%) ⬇️
cmd/adsysd/client/policy.go 73.54% <0.00%> (-0.97%) ⬇️
... and 2 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

GabrielNagy
GabrielNagy approved these changes Oct 20, 2022
View reviewed changes
Copy link
Collaborator

@GabrielNagy GabrielNagy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for separating this into easy to parse chunks. Went over everything and it looks good to me! Great work!

didrocks and others added 23 commits October 20, 2022 11:13
@didrocks
Create an sssd backend
1276f5a 
We are going to separate backends from the service and ad object itself.
@didrocks
Add tests for sssd backend.
eb9553b
@didrocks
Wire sssd backend instead of harcoded sssd config
2b95ecd 
Change the parameters to accept backend and possible option for each
backend (sssd only now).
@didrocks
Adapt AD internal tests to new API
bf6d5aa 
Provide a mock backend for our tests.
Change our internal tests and don’t export sssd objects.
@didrocks
Adapt ad package tests
e76079c 
Simplify most of the tests for ad package tests. This includes having
default configuration, less parameters for each tests and create
dynamically the krb5 tokens as needed.
Fix some duplicated and mismatch tests.
Don’t rely on GetStatus, which doesn’t exist anymore.
@didrocks
Add dedicated ad GetInfo() package tests
8c2ed55 
Ensure we control their result with golden files.
@didrocks
Remove deprecated tests and config of Config load
cc2c073 
This code and tests all migrated in sssd.
@didrocks @jibel
Adapt tests for new adsysservice API
ae77c84 
We now load the backend here, adapt the existing tests for it and
minimize the number of parameters.

Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
@didrocks @jibel
Test backend selection in adsysservice
f9b58c4 
Add additional tests for backend selection.
For this, we need to export sssd and systemd on the local bus.

Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
@didrocks
Fix some typos
9519c26
@didrocks @jibel
Fix typos in warnings and EOL
e77796c 
Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
@didrocks @jibel
Change the way we initialize our sssd backends.
bc6c531 
The initialization only load the static configuration. Then, the Active
Server is loaded (if no static configuration for server is provided)
everytime we request for the server URL. This may this fails at that
stage.
Changing the backend interface signature and move it to the backend
package.

Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
@didrocks @jibel
Adapt the sssd test to the new backend behaviour
8072566 
As we thus can have another element failing, add more tests to it.
Rename the tests to TestSSSD at the same time as we cover everything
in a single test.

Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
@didrocks @jibel
Adapt integration tests to new backend selection
e844cba 
Change the config to use sssd by default and don’t bypass the backend
with the static configuration (which does not exists anymore).
Simplify some of the test logic by minimizing the number of parameters.

Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
@didrocks @jibel
Adapt ad tests to new ServerURL API
aaee94b 
Add more test cases to cover the error expectations that moved from New
to the direct call.

Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
@didrocks @jibel
Rename error test case to start with Error
fa74796 
Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
@didrocks
Remove now unused mockAuthorizer
bf5c0c4
@didrocks
Adapt daemon tests to new backend selection
547a5e3 
Remove old config
Only required part of new config, with a static server selected to avoid
relying on dbus for those tests.
@didrocks
Fix default selection for sssd cache directory
fa8860c 
We were pointing to the config instead of the cache constant.
@didrocks
Fix linter warnings
66872c9 
Those were due to leftover unused struct/fields, conforming names,
additional spaces…
@didrocks @jibel
Update documentation
d7e66b0 
Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
@didrocks @denisonbarbosa
Update doc/08.-The-adsys-daemon.md
3652653 
Co-authored-by: Denison Barbosa <denisonbarbosa@users.noreply.github.com>
@didrocks
Address review comment
b76459a
@didrocks didrocks merged commit 57b9be8 into main Oct 20, 2022
@didrocks didrocks deleted the ad_backends branch October 20, 2022 12:05
@GabrielNagy GabrielNagy mentioned this pull request Feb 10, 2024
Closed
2 tasks
GabrielNagy added a commit that referenced this pull request Feb 14, 2024
@GabrielNagy
Allow sssd backend to work without ad_domain
4918afd 
This restores the functionality prior to the refactor in PR #467, where
the case of having a domain section without the ad_domain setting
resorted to using the domain from the sssd.domains setting. This is
valid behavior supported and suggested[1] by sssd.

In addition to that, avoid being too lenient and still raise an error if
the domain section is empty or does not exist.

Fixes #910 / UDENG-2268

[1] https://sssd.io/docs/ad/ad-provider-manual.html#id4
GabrielNagy added a commit that referenced this pull request Feb 14, 2024
@GabrielNagy
Allow sssd backend to work without ad_domain
b29d9ab 
This restores the functionality prior to the refactor in PR #467, where
the case of having a domain section without the ad_domain setting
resorted to using the domain from the sssd.domains setting. This is
valid behavior supported and suggested[1] by sssd.

In addition to that, avoid being too lenient and still raise an error if
the domain section is empty or does not exist.

Fixes #910 / UDENG-2268

[1] https://sssd.io/docs/ad/ad-provider-manual.html#id4
@GabrielNagy GabrielNagy mentioned this pull request Feb 14, 2024
Merged
GabrielNagy added a commit that referenced this pull request Feb 15, 2024
@GabrielNagy
fix: allow sssd backend to work without ad_domain (#912)
e6a0229 
This restores the functionality prior to the refactor in PR #467, where
the case of having a domain section without the `ad_domain` setting
resorted to using the domain from the `sssd.domains` setting. This is
valid behavior supported and
[suggested](https://sssd.io/docs/ad/ad-provider-manual.html#id4) by
sssd.

In addition to that, avoid being too lenient and still raise an error if
the domain section is empty or does not exist.

Fixes #910 / UDENG-2268
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@denisonbarbosa denisonbarbosa denisonbarbosa approved these changes

@GabrielNagy GabrielNagy GabrielNagy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@didrocks @codecov-commenter @denisonbarbosa @GabrielNagy