On 03/03/2014 08:24 PM, Tomas Babej wrote:
> Hi,
> Makes ipa-client-install configure SSSD as the data provider
> for the sudo service by default. This behaviour can be disabled
> by using --no-sudo flag.
> https://fedorahosted.org/freeipa/ticket/3358

By the way when I was discussing this ticket with Jan Pazdziora, he had a good
suggestion that it would be nice if we have a test for sudo integration.

Given that SUDO management in FreeIPA is pretty widely used and given that this
ticket now makes it much more easier to configure and use it, it would be nice
to make our best to avoid breaking it upstream.

Having an integration test which would add some sudo rules, some targeted
directly on the given host entry, some targeted on a hostgroup with that entry
and then testing if "sudo -l" gives correct results would be great. If we also
test the more complicated SUDO options like -runasuser, -runasgroup with
isolated user/group, it would be great.

I am not sure if ipatests/test_xmlrpc/test_sudorule_plugin.py should be
extended to also do the functional checks or if there should be a separate
test, I will leave that up to you and Petr (CCed).


Freeipa-devel mailing list

Reply via email to