
Commit 60a25d9

Add IPA IPA Trust Topology Controller
Add "IPATrustIPA" KnownTopology. For topology groups the changes are: - Remove "IPATrust" - Add "IPATrustAD" -- includes IPATrustAD and IPATrustSamba - Add "AnyIPATrust" -- includes IPATrustAD, IPATrustSamba and IPATrustIPA
1 parent 936bc82 commit 60a25d9


5 files changed

+110
-2
lines changed


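--- a/sssd_test_framework/roles/ad.py
+++ b/sssd_test_framework/roles/ad.py
@@ -177,6 +177,13 @@ def fqn(self, name: str) -> str:
         """
         return f"{name}@{self.domain}"
 
+    @property
+    def admin_fqn(self) -> str:
+        """
+        Return fully qualified administrator name in form name@domain.
+        """
+        return f"administrator@{self.domain}"
+
     def user(self, name: str, basedn: ADObject | str | None = "cn=users") -> ADUser:
         """
         Get user object.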
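Review bot: The new admin_fqn property duplicates the format string of fqn, which is visible two lines above it returning `f"{name}@{self.domain}"`; `return self.fqn("administrator")` keeps one source of truth for the name@domain form, and the same applies to the identical hunk in roles/samba.py and, with `"admin"`, to roles/ipa.py. The docstring also reads as if the name were a parameter; since the account is fixed, something like `Return the fully qualified name of the built-in ``administrator`` account, i.e. ``administrator@<domain>``.` says what callers actually get. The enclosing class starts outside the hunk, so I cannot tell whether the administrator name is already held in an attribute that should be used instead of the literal.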

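--- a/sssd_test_framework/roles/ipa.py
+++ b/sssd_test_framework/roles/ipa.py
@@ -204,6 +204,13 @@ def fqn(self, name: str) -> str:
         """
         return f"{name}@{self.domain}"
 
+    @property
+    def admin_fqn(self) -> str:
+        """
+        Return fully qualified admin name in form name@domain.
+        """
+        return f"admin@{self.domain}"
+
     def user(self, name: str) -> IPAUser:
         """
         Get user object.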

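--- a/sssd_test_framework/roles/samba.py
+++ b/sssd_test_framework/roles/samba.py
@@ -177,6 +177,13 @@ def fqn(self, name: str) -> str:
         """
         return f"{name}@{self.domain}"
 
+    @property
+    def admin_fqn(self) -> str:
+        """
+        Return fully qualified administrator name in form name@domain.
+        """
+        return f"administrator@{self.domain}"
+
     def user(self, name: str) -> SambaUser:
         """
         Get user object.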

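--- a/sssd_test_framework/topology.py
+++ b/sssd_test_framework/topology.py
@@ -14,6 +14,7 @@
     GDMTopologyController,
     IPATopologyController,
     IPATrustADTopologyController,
+    IPATrustIPATopologyController,
     IPATrustSambaTopologyController,
     KeycloakTopologyController,
     LDAPTopologyController,
@@ -141,6 +142,17 @@ def test_ldap(client: Client, ldap: LDAP):
     .. topology-mark:: KnownTopology.Keycloak
     """
 
+    IPATrustIPA = SSSDTopologyMark(
+        name="ipa-trust-ipa",
+        topology=Topology(TopologyDomain("sssd", client=1, ipa=1), TopologyDomain("ipa2", ipa=1)),
+        controller=IPATrustIPATopologyController(),
+        domains=dict(test="sssd.ipa[0]"),
+        fixtures=dict(client="sssd.client[0]", ipa="sssd.ipa[0]", trusted="ipa2.ipa[0]"),
+    )
+    """
+    .. topology-mark:: KnownTopology.IPATrustIPA
+    """
+
 
 class KnownTopologyGroup(KnownTopologyGroupBase):
     """
@@ -173,7 +185,12 @@ def test_ldap(client: Client, provider: GenericProvider):
     ..topology-mark:: KnownTopologyGroup.AnyDC
     """
 
-    IPATrust = [KnownTopology.IPATrustAD, KnownTopology.IPATrustSamba]
+    IPATrustAD = [KnownTopology.IPATrustAD, KnownTopology.IPATrustSamba]
+    """
+    .. topology-mark:: KnownTopologyGroup.IPATrustAD
+    """
+
+    AnyIPATrust = [KnownTopology.IPATrustAD, KnownTopology.IPATrustSamba, KnownTopology.IPATrustIPA]
     """
-    .. topology-mark:: KnownTopologyGroup.IPATrust
+    .. topology-mark:: KnownTopologyGroup.AnyIPATrust
     """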
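Review bot: Dropping KnownTopologyGroup.IPATrust outright in the last hunk (-173) breaks every test still marked with it, and nothing in the commit keeps the old name resolving; since the framework is consumed by external test suites, a transitional alias such as `IPATrust = IPATrustAD` with a docstring `Deprecated alias of :attr:`IPATrustAD`; use IPATrustAD or AnyIPATrust.` would let callers migrate without a hard failure. The new IPATrustIPA mark itself looks consistent with its neighbours, though the fixture docstring only carries the topology-mark directive; a one-line description of what the `trusted` fixture is (the IPA server of the second domain, `ipa2.ipa[0]`) would help readers of the generated docs. The KnownTopology and KnownTopologyGroup classes both start outside the hunks.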

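--- a/sssd_test_framework/topology_controllers.py
+++ b/sssd_test_framework/topology_controllers.py
@@ -18,6 +18,7 @@
     "SambaTopologyController",
     "IPATrustADTopologyController",
     "IPATrustSambaTopologyController",
+    "IPATrustIPATopologyController",
     "KeycloakTopologyController",
 ]
 
@@ -263,3 +264,72 @@ def topology_teardown(self, ipa: IPAHost, keycloak: KeycloakHost) -> None:
         ipa.kinit()
         ipa.conn.run("ipa idp-del keycloak")
         super().topology_teardown()
+
+
+class IPATrustIPATopologyController(ProvisionedBackupTopologyController):
+    """
+    IPA trust IPA Topology Controller.
+    """
+
+    @BackupTopologyController.restore_vanilla_on_error
+    def topology_setup(self, client: ClientHost, ipa: IPAHost, trusted: IPAHost) -> None:
+        if self.provisioned:
+            self.logger.info(f"Topology '{self.name}' is already provisioned")
+            return
+
+        # Add ipa-ipa trust COPR and update packages
+        self.logger.info("Adding COPR and updating packages")
+        ipa.conn.exec(["dnf", "copr", "enable", "abbra/wip-ipa-trust", "-y"])
+        client.conn.exec(["dnf", "copr", "enable", "abbra/wip-ipa-trust", "-y"])
+        trusted.conn.exec(["dnf", "copr", "enable", "abbra/wip-ipa-trust", "-y"])
+
+        ipa.conn.exec(["dnf", "update", "freeipa-server", "sssd-client", "-y"])
+        trusted.conn.exec(["dnf", "update", "freeipa-server", "sssd-client", "-y"])
+        client.conn.exec(["dnf", "update", "sssd-client", "-y"])
+
+        # F40 sssd-kcm fails to start with 'Invalid option --genconf-section=kcm:'
+        ipa.conn.exec(["systemctl", "restart", "sssd-kcm"])
+        trusted.conn.exec(["systemctl", "restart", "sssd-kcm"])
+
+        # IPA server and the remote domain cannot share the same NetBIOS name: MASTER
+        trusted.kinit()
+        trusted.conn.exec(["ipa-adtrust-install", "--netbios-name", "MASTER2", "-U"])
+
+        # Create trust
+        self.logger.info(f"Establishing trust between {ipa.domain} and {trusted.domain}")
+
+        ipa.kinit()
+        ipa.conn.exec(
+            [
+                "ipa",
+                "trust-add",
+                trusted.domain,
+                "--admin",
+                "admin",
+                "--password",
+                "--range-type=ipa-ad-trust-posix",
+                "--type=ipa",
+                "--two-way=true",
+            ],
+            input=trusted.adminpw,
+        )
+
+        # Do not enroll client into IPA domain if it is already joined
+        if "ipa" not in self.multihost.provisioned_topologies:
+            self.logger.info(f"Enrolling {client.hostname} into {ipa.domain}")
+
+            # Remove any existing Kerberos configuration and keytab
+            client.fs.rm("/etc/krb5.conf")
+            client.fs.rm("/etc/krb5.keytab")
+
+            # Backup ipa-client-install files
+            client.fs.backup("/etc/ipa")
+            client.fs.backup("/var/lib/ipa-client")
+
+            # Join IPA domain)
+            client.conn.exec(["realm", "join", ipa.domain], input=ipa.adminpw)
+
+        # Backup so we can restore to this state after each test
+        self.backup_data[ipa] = ipa.backup()
+        self.backup_data[trusted] = trusted.backup()
+        self.backup_data[client] = client.backup()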
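Review bot: topology_setup has no docstring, and the package step at the top of the method is documented only as "Add ipa-ipa trust COPR": enabling `abbra/wip-ipa-trust` and running an unpinned `dnf update` on ipa, trusted and client at provisioning time makes the topology depend on whatever that third-party repository serves on a given day, and it is not clear from the hunk whether the `backup()` calls at the end capture that package state for the restore path. I would add a docstring along the lines of `"""Provision a two-way IPA-IPA trust between ``ipa`` and ``trusted`` and enroll ``client`` into ipa's domain; relies on the abbra/wip-ipa-trust COPR until IPA-IPA trust ships in a release."""` and mark the COPR block `# TEMPORARY:` so it can be removed once that happens. As a point of style, the three identical `copr enable` calls and the two `sssd-kcm` restarts read better as loops, e.g. `for host in (ipa, client, trusted): host.conn.exec(["dnf", "copr", "enable", "abbra/wip-ipa-trust", "-y"])`. The comment `# Join IPA domain)` has a stray parenthesis. The trust-add passes the literal `"admin"` to `--admin` while the password is taken from `trusted.adminpw`; if the trusted host exposes the admin name as well, it would be safer to read both from the host object so they cannot drift apart.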
