Support with-tlog authselect feature
authselect removes the with-files-domain feature in F40+/RHEL10+;
it is replaced with the 'with-tlog' feature.
justin-stephenson committed Jan 29, 2024
1 parent 5cfe6a0 commit 05ec765
Showing 2 changed files with 40 additions and 2 deletions.
14 changes: 12 additions & 2 deletions tasks/main.yml
@@ -73,17 +73,27 @@
when: tlog_use_sssd
notify: Handler tlog_handler restart sssd

- name: Check with-files-domain feature exists
- name: Check appropriate authselect features exists
command: authselect list-features sssd
register: __tlog_authselect_features
changed_when: false

- name: Check if files domain is currently enabled
- name: Enable authselect profile with tlog feature
command: authselect select sssd with-tlog --force
when:
- not ansible_check_mode
- tlog_use_sssd | bool
- '"with-tlog" in __tlog_authselect_features.stdout'

- name: Check which authselect features are currently enabled
command: authselect current
register: __tlog_authselect_current
changed_when: false
failed_when: __tlog_authselect_current.rc not in [0, 2]

notify: Handler tlog_handler restart sssd
changed_when: true

- name: Update nsswitch
command: authselect select sssd with-files-domain --force
when:
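Review bot: The new `Enable authselect profile with tlog feature` task runs `authselect select sssd with-tlog --force` with no check of the current state, so on hosts where the feature exists every run re-selects the profile with only `with-tlog`. Other features already enabled on the host (for example `with-faillock` or `with-mkhomedir`) would be dropped, and `--force` overwrites local edits to the generated PAM/nsswitch files. If the `notify` and `changed_when: true` lines belong to this task, every run also reports a change and restarts sssd; in this rendering they appear after the `authselect current` task, so confirm their owner against the file. Consider moving the task below the `authselect current` check, adding `- '"with-tlog" not in __tlog_authselect_current.stdout'` to its `when`, and using `authselect enable-feature with-tlog` when a profile is already selected so the existing feature set is kept. The `Update nsswitch` task continues outside the hunk.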
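--- a/tests/check_sssd_with_tlog.yml
+++ b/tests/check_sssd_with_tlog.yml
@@ -0,0 +1,28 @@
+---
+- name: Check with-tlog feature exists
+command: authselect list-features sssd
+register: __tlog_authselect_features
+changed_when: false
+
+- name: Check if files domain is currently enabled
+command: authselect current
+register: __tlog_authselect_current
+changed_when: false
+failed_when: __tlog_authselect_current.rc not in [0, 2]
+
+- name: Read nsswitch.conf
+slurp:
+src: /etc/nsswitch.conf
+register: __nsswitch_slurp
+
+- name: Decode nsswitch content
+set_fact:
+__nsswitch_contents: "{{ __nsswitch_slurp['content'] | b64decode }}"
+
+- name: Check if files domain enabled and nsswitch set correctly
+assert:
+that:
+- __nsswitch_contents | regex_search('^passwd:\\s+sss', multiline=True)
+- '"with-tlog" in __tlog_authselect_current.stdout'
+when:
+- '"with-tlog" in __tlog_authselect_features.stdout'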
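Review bot: Two task names in this new test file still describe the files-domain check (`Check if files domain is currently enabled`, `Check if files domain enabled and nsswitch set correctly`) although the assertion tests for `with-tlog`. Rename them, e.g. `- name: Check which authselect features are currently enabled` and `- name: Check with-tlog is enabled and nsswitch set correctly`. The `when` guard also means the assert is skipped on hosts where `authselect list-features sssd` does not list `with-tlog`, so a run there passes without verifying that session recording is wired into nsswitch. If another test covers that case, a comment saying so would help, e.g. `# hosts without with-tlog are covered by <other test file>`. The modules are written as short names (`command`, `slurp`, `set_fact`, `assert`); the `ansible.builtin.` fully qualified names would be preferable if the rest of the role uses them.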
