Skip to content

Commit

Permalink
sssd: add common configuration for proxy domain
Browse files Browse the repository at this point in the history
Create a module that will configure proxy in client machine.
  • Loading branch information
aborah-sudo committed Sep 16, 2023
1 parent bc8989a commit 4c4f0f8
Showing 1 changed file with 73 additions and 1 deletion.
74 changes: 73 additions & 1 deletion sssd_test_framework/utils/sssd.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,13 @@

import configparser
from io import StringIO
from typing import TYPE_CHECKING
from typing import TYPE_CHECKING, Literal

from pytest_mh import MultihostHost, MultihostRole, MultihostUtility
from pytest_mh.ssh import SSHLog, SSHProcess, SSHProcessResult

from ..hosts.base import BaseDomainHost
from ..misc import to_list

if TYPE_CHECKING:
from pytest_mh.utils.fs import LinuxFileSystem
Expand Down Expand Up @@ -783,3 +784,74 @@ def autofs(self) -> None:
"""
self.sssd.authselect.select("sssd")
self.sssd.enable_responder("autofs")

def proxy(
self,
proxy: Literal["files", "ldap"] = "files",
provider: str | list[str] = "id",
proxy_pam_target: str | None = None,
proxy_pam_stack: str | None = None,
server_hostname: str | None = None,
domain: str | None = None,
):
"""
Configure files or ldap proxy domain.
:param proxy: ``ldap`` or ``files``, defaults to ``files``
:type proxy: Literal["files", "ldap"]
:param provider: SSSD providers (``id``, ``auth``, ``chpass``, ...), defaults to ``id``
:type provider: str | list[str]
:param proxy_pam_target: SSSD option proxy_pam_target, defaults to
``None`` (= ``system-auth`` (files), ``sssdproxyldap`` (ldap))
:type proxy_pam_target: str | None
:param proxy_pam_stack: Custom PAM stack written to
/etc/pam.d/@proxy_pam_target, defaults to ``None`` (= ignored (files), pam_ldap.so (ldap))
:type proxy_pam_stack: str | None
:param server_hostname: LDAP server hostname for ldap proxy (ldap), ignored (files), defaults to ``None``
:type server_hostname: str | None
:param domain: Proxy domain name, defaults to None (= default domain)
:type domain: str | None, optional
"""
if domain is None:
domain = self.sssd.default_domain

if domain is None:
raise ValueError("No domain specified!")

match proxy:
case "ldap":
if proxy_pam_target is None:
proxy_pam_target = "sssdproxyldap"

if proxy_pam_stack is None:
proxy_pam_stack = """
auth required pam_ldap.so
account required pam_ldap.so
password required pam_ldap.so
session required pam_ldap.so
"""

if server_hostname is None:
raise ValueError("No server_hostname specified!")

self.sssd.fs.write(
"/etc/nslcd.conf", f"uid nslcd\ngid ldap\nuri ldap://{server_hostname}\n", dedent=False
)
self.sssd.svc.restart("nslcd")
case "files":
if proxy_pam_target is None:
proxy_pam_target = "system-auth"
case _:
raise ValueError(f"Unknown proxy type: {proxy}")

if proxy_pam_stack is not None:
self.sssd.fs.write(f"/etc/pam.d/{proxy_pam_target}", proxy_pam_stack)

options = {
"proxy_lib_name": proxy,
"proxy_pam_target": proxy_pam_target,
**{f"{x}_provider": "proxy" for x in to_list(provider)},
}

self.sssd.dom(domain).clear()
self.sssd.dom(domain).update(options)

0 comments on commit 4c4f0f8

Please sign in to comment.