sssd_test_framework.roles.generic

Generic roles used with topology parametrization.

Module Attributes

GroupMemberField

Group member: user, nested group, or string (name / external member / RDN fragment).

Classes

GenericADProvider(*args, **kwargs)

Generic Active Directory provider interface.

GenericAutomount()

Generic automount management.

GenericAutomountKey(role)

Generic automount key management.

GenericAutomountMap(role)

Generic automount map management.

GenericCertificateAuthority()

GenericComputer(role)

Generic computer management.

GenericDNSServer(role)

DNS management utilities.

GenericDNSZone(role)

Generic DNS zone management.

GenericGPO(role)

Generic GPO management.

GenericGroup(role)

Generic group management.

GenericNetgroup(role)

Generic netgroup management.

GenericNetgroupMember(*[, host, user, ng])

Generic netgroup member.

GenericOrganizationalUnit(role)

Generic OU management.

GenericPasswordPolicy(role)

Password policy management.

GenericProvider(*args, **kwargs)

Generic provider interface.

GenericSite(role)

Generic site management.

GenericSudoRule(role)

Generic sudo rule management.

GenericUser(role)

Generic user management.

ProtocolName(*args, **kwargs)

Used to hint that the type must contain a name attribute.

class sssd_test_framework.roles.generic.ProtocolName(*args, **kwargs)

Bases: Protocol

Used to hint that the type must contain a name attribute.

name: str
class sssd_test_framework.roles.generic.GenericProvider(*args, **kwargs)

Bases: ABC, MultihostRole[BaseHost]

Generic provider interface. All providers implement this interface.

Note

This class provides a generic interface for provider roles. It can be used for type hinting only on parametrized tests that run on multiple topologies.

abstract property domain: str

Domain name.

abstract property realm: str

Kerberos realm.

abstract property name: str

Generic provider name.

abstract property server: str

Generic server name.

abstract property naming_context: str

Naming context.

abstract property features: dict[str, Any]
abstract property firewall: Firewall
abstract property password_policy: GenericPasswordPolicy

Domain password policy management.

Example usage
@pytest.mark.topology(KnownTopologyGroup.Any)
def test_example(client: Client, provider: GenericProvider):
    # Enable password complexity
    provider.password_policy.complexity(enable=True)

    # Set 3 login attempts and a 30 second lockout duration
    provider.password_policy.lockout(attempts=3, duration=30)
abstractmethod fqn(name: str) str

Return fully qualified name.

abstractmethod dns() GenericDNSServer

Get DNS server object.

The get methods use dig, and the output is parsed by jc. The data from jc contains several nested dicts, but only two are returned, as a tuple: answer and authority.

Example usage
# Create forward zone and add forward record
zone = provider.dns().zone("example.test").create()
zone.add_record("client", "172.16.200.15")

# Create reverse zone and add reverse record
zone = provider.dns().zone("10.0.10.in-addr.arpa").create()
zone.add_record("client.example.test", 15)

# Add forward record to default domain
provider.dns().zone(provider.domain).add_record("client", "1.2.3.4")

# Add a global forwarder
provider.dns().add_forwarder("1.1.1.1")

# Remove a global forwarder
provider.dns().remove_forwarder("1.1.1.1")

# Clear all forwarders
provider.dns().clear_forwarders()
abstractmethod user(name: str) GenericUser

Get user object.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_example(client: Client, provider: GenericProvider):
    # Create user
    provider.user('user-1').add()

    # Start SSSD
    client.sssd.start()

    # Call `id user-1` and assert the result
    result = client.tools.id('user-1')
    assert result is not None
    assert result.user.name == 'user-1'
Parameters:

name (str) – Username.

Returns:

New user object.

Return type:

GenericUser

abstractmethod group(name: str) GenericGroup

Get group object.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_example(client: Client, provider: GenericProvider):
    # Create user
    user = provider.user('user-1').add()

    # Create secondary group and add user as a member
    provider.group('group-1').add().add_member(user)

    # Start SSSD
    client.sssd.start()

    # Call `id user-1` and assert the result
    result = client.tools.id('user-1')
    assert result is not None
    assert result.user.name == 'user-1'
    assert result.memberof('group-1')
Parameters:

name (str) – Group name.

Returns:

New group object.

Return type:

GenericGroup

abstractmethod netgroup(name: str) GenericNetgroup

Get netgroup object.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_example_netgroup(client: Client, provider: GenericProvider):
    # Create user
    user = provider.user("user-1").add()

    # Create two netgroups
    ng1 = provider.netgroup("ng-1").add()
    ng2 = provider.netgroup("ng-2").add()

    # Add user and ng2 as members to ng1
    ng1.add_member(user=user)
    ng1.add_member(ng=ng2)

    # Add host as member to ng2
    ng2.add_member(host="client")

    # Start SSSD
    client.sssd.start()

    # Call `getent netgroup ng-1` and assert the results
    result = client.tools.getent.netgroup("ng-1")
    assert result is not None
    assert result.name == "ng-1"
    assert len(result.members) == 2
    assert "(-,user-1,)" in result.members
    assert "(client,-,)" in result.members
Parameters:

name (str) – Netgroup name.

Returns:

New netgroup object.

Return type:

GenericNetgroup

abstractmethod sudorule(name: str) GenericSudoRule

Get sudo rule object.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_example(client: Client, provider: GenericProvider):
    user = provider.user('user-1').add(password="Secret123")
    provider.sudorule('testrule').add(user=user, host='ALL', command='/bin/ls')

    client.sssd.common.sudo()
    client.sssd.start()

    # Test that user can run /bin/ls
    assert client.auth.sudo.run('user-1', 'Secret123', command='/bin/ls')
Parameters:

name (str) – Sudo rule name.

Returns:

New sudo rule object.

Return type:

GenericSudoRule

abstract property automount: GenericAutomount

Manage automount maps and keys.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_example(client: Client, provider: GenericProvider, nfs: NFS):
    nfs_export1 = nfs.export('export1').add()
    nfs_export2 = nfs.export('export2').add()
    nfs_export3 = nfs.export('sub/export3').add()

    # Create automount maps
    auto_master = provider.automount.map('auto.master').add()
    auto_home = provider.automount.map('auto.home').add()
    auto_sub = provider.automount.map('auto.sub').add()

    # Create mount points
    auto_master.key('/ehome').add(info=auto_home)
    auto_master.key('/esub/sub1/sub2').add(info=auto_sub)

    # Create mount keys
    key1 = auto_home.key('export1').add(info=nfs_export1)
    key2 = auto_home.key('export2').add(info=nfs_export2)
    key3 = auto_sub.key('export3').add(info=nfs_export3)

    # Start SSSD
    client.sssd.common.autofs()
    client.sssd.start()

    # Reload automounter in order to fetch updated maps
    client.automount.reload()

    # Check that we can mount all directories on correct locations
    assert client.automount.mount('/ehome/export1', nfs_export1)
    assert client.automount.mount('/ehome/export2', nfs_export2)
    assert client.automount.mount('/esub/sub1/sub2/export3', nfs_export3)

    # Check that the maps are correctly fetched
    assert client.automount.dumpmaps() == {
        '/ehome': {
            'map': 'auto.home',
            'keys': [str(key1), str(key2)]
        },
        '/esub/sub1/sub2': {
            'map': 'auto.sub',
            'keys': [str(key3)]
        },
    }
abstract property ca: GenericCertificateAuthority

Certificate Authority management.

Provides certificate operations across different providers.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
def test_certificate_operations(client: Client, provider: GenericProvider):
    # Request certificate
    cert, key, csr = provider.ca.request(...)

    # Revoke certificate
    provider.ca.revoke(cert, reason="key_compromise")

    # Place certificate on hold
    provider.ca.revoke_hold(cert)

    # Remove hold
    provider.ca.revoke_hold_remove(cert)

    # Get certificate details
    cert_details = provider.ca.get(cert)
class sssd_test_framework.roles.generic.GenericADProvider(*args, **kwargs)

Bases: GenericProvider

Generic Active Directory provider interface. Active Directory and Samba providers implement this interface.

Note

This class provides a generic interface for Active Directory-based roles. It can be used for type hinting only on parametrized tests that run on both Samba and Active Directory.

abstract property domain: str

Active Directory domain name.

abstractmethod fqn(name: str) str

Return fully qualified name in form name@domain.

abstract property naming_context: str

Return domain naming context in form of dc=domain,dc=com.

abstract property dn: str

Distinguished Name.

abstract property firewall: Firewall
abstractmethod ou(name: str) GenericOrganizationalUnit

Get OU object.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyAD)
def test_example(client: Client, provider: GenericADProvider):
    # Create OU
    provider.ou("test_ou").add()
Parameters:

name (str) – OU name.

Returns:

OU object.

Return type:

GenericOrganizationalUnit

abstractmethod computer(name: str) GenericComputer

Get computer object.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyAD)
def test_example(client: Client, provider: GenericADProvider):
    # Create a new OU
    ou = provider.ou("test_ou").add().dn

    # Move the computer object; the short name is taken from the client hostname
    provider.computer(client.host.hostname.split(".")[0]).move(ou)
Parameters:

name (str) – Computer name.

Returns:

Computer object.

Return type:

GenericComputer

abstractmethod site(name: str) GenericSite

Get site object.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyAD)
def test_example(client: Client, provider: GenericADProvider):
    # Create New Site, this name cannot contain spaces
    site = provider.site('New-Site').add()
Parameters:

name (str, cannot contain spaces) – Site name.

Returns:

Site object.

Return type:

GenericSite

abstractmethod gpo(name: str) GenericGPO

Get group policy object.

Example usage
@pytest.mark.topology(KnownTopologyGroup.AnyAD)
def test_gpo_is_set_to_enforcing(client: Client, provider: GenericADProvider):
    user = provider.user("user").add()
    allow_user = provider.user("allow_user").add()
    deny_user = provider.user("deny_user").add()

    provider.gpo("test policy").add().policy(
        {
        "SeInteractiveLogonRight": [allow_user, provider.group("Domain Admins")],
        "SeRemoteInteractiveLogonRight": [allow_user, provider.group("Domain Admins")],
        "SeDenyInteractiveLogonRight": [deny_user],
        "SeDenyRemoteInteractiveLogonRight": [deny_user],
        }
    ).link()

    client.sssd.domain["ad_gpo_access_control"] = "enforcing"
    client.sssd.start()

    assert client.auth.ssh.password(username="allow_user", password="Secret123")
    assert not client.auth.ssh.password(username="user", password="Secret123")
    assert not client.auth.ssh.password(username="deny_user", password="Secret123")
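
The allow/deny outcome asserted by the test above, as an added example that is not part of the framework or of SSSD: a simplified Python model of how a logon rights dictionary turns into an access decision. The names `evaluate`, `audit`, `RIGHTS_FOR_SERVICE` and `SAMPLE_POLICY` are hypothetical, principals are plain name strings, and the service-to-right table covers only the two pairs used in the policy above.

```python
from dataclasses import dataclass

# Assumed mapping from PAM service to the (allow, deny) logon rights consulted
# for it; only the two pairs that appear in the policy above are modelled.
RIGHTS_FOR_SERVICE = {
    "login": ("SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"),
    "sshd": ("SeRemoteInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight"),
}

MODES = ("disabled", "permissive", "enforcing")

# Constructed sample policy mirroring the dict passed to policy() above,
# with users and groups written as name strings instead of role objects.
SAMPLE_POLICY = {
    "SeInteractiveLogonRight": ["allow_user", "Domain Admins"],
    "SeRemoteInteractiveLogonRight": ["allow_user", "Domain Admins"],
    "SeDenyInteractiveLogonRight": ["deny_user"],
    "SeDenyRemoteInteractiveLogonRight": ["deny_user"],
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(mode, logon_rights, user, groups, service):
    """Decide whether `user` (member of `groups`) may use `service`."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    if service not in RIGHTS_FOR_SERVICE:
        raise ValueError(f"service not covered by this model: {service!r}")
    if mode == "disabled":
        return Decision(True, "GPO rules not evaluated")

    allow_right, deny_right = RIGHTS_FOR_SERVICE[service]
    principals = {user, *groups}
    allow = set(logon_rights.get(allow_right, ()))
    deny = set(logon_rights.get(deny_right, ()))

    if principals & deny:
        # An explicit deny wins even if the principal is also allowed.
        verdict, reason = False, f"matched {deny_right}"
    elif allow and not principals & allow:
        # A non-empty allow list denies everyone who is not on it.
        verdict, reason = False, f"not listed in {allow_right}"
    else:
        verdict, reason = True, "no deny match and allow list satisfied"

    if mode == "permissive" and not verdict:
        # Permissive mode evaluates the rules but does not enforce them.
        return Decision(True, f"permissive, would deny: {reason}")
    return Decision(verdict, reason)


def audit(mode, logon_rights, accounts, service):
    """Return {user: allowed} for a dict mapping user name to group list."""
    return {
        user: evaluate(mode, logon_rights, user, groups, service).allowed
        for user, groups in accounts.items()
    }


if __name__ == "__main__":
    # Constructed accounts: the three users from the test plus an admin.
    accounts = {
        "allow_user": [],
        "user": [],
        "deny_user": [],
        "admin": ["Domain Admins"],
    }
    for name, allowed in audit("enforcing", SAMPLE_POLICY, accounts, "sshd").items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The account that appears in neither list is denied as soon as the allow list is non-empty, which is why the test expects plain `user` to fail SSH login.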
class sssd_test_framework.roles.generic.GenericOrganizationalUnit(role: RoleType)

Bases: ABC, BaseObject

Generic OU management.

abstract property name

OU name.

abstractmethod add(name: str) GenericOrganizationalUnit

Create a new OU.

Parameters:

name (str)

Returns:

Self.

Return type:

GenericOrganizationalUnit

class sssd_test_framework.roles.generic.GenericPasswordPolicy(role: RoleType)

Bases: ABC, BaseObject

Password policy management.

abstractmethod complexity(enable: bool) GenericPasswordPolicy

Enable or disable password complexity.

Parameters:

enable (bool) – Enable or disable password complexity.

Returns:

GenericPasswordPolicy object.

Return type:

GenericPasswordPolicy

abstractmethod lockout(duration: int, attempts: int) GenericPasswordPolicy

Set lockout duration and login attempts.

Parameters:
  • duration (int) – Duration of lockout in seconds.

  • attempts (int) – Number of login attempts.

Returns:

GenericPasswordPolicy object.

Return type:

GenericPasswordPolicy

class sssd_test_framework.roles.generic.GenericUser(role: RoleType)

Bases: ABC, BaseObject

Generic user management.

abstract property name

User name.

abstractmethod add(*, uid: int | None = None, gid: int | None = None, password: str = 'Secret123', home: str | None = None, gecos: str | None = None, shell: str | None = None, email: str | None = None) GenericUser

Create a new user.

Parameters that are not set are ignored.

Parameters:
  • uid (int | None, optional) – User id, defaults to None

  • gid (int | None, optional) – Primary group id, defaults to None

  • password (str, optional) – User password, defaults to ‘Secret123’

  • home (str | None, optional) – Home directory, defaults to None

  • gecos (str | None, optional) – GECOS, defaults to None

  • shell (str | None, optional) – Login shell, defaults to None

  • email (str | None, optional) – email attribute, defaults to None

Returns:

Self.

Return type:

GenericUser

abstractmethod modify(*, uid: int | None = None, gid: int | None = None, password: str | None = None, home: str | None = None, gecos: str | None = None, shell: str | None = None, email: str | None = None) GenericUser

Modify existing user.

Parameters that are not set are ignored.

Parameters:
  • uid (int | None, optional) – User id, defaults to None

  • gid (int | None, optional) – Primary group id, defaults to None

  • password (str, optional) – Password, defaults to None

  • home (str | None, optional) – Home directory, defaults to None

  • gecos (str | None, optional) – GECOS, defaults to None

  • shell (str | None, optional) – Login shell, defaults to None

  • email (str | None, optional) – email attribute, defaults to None

Returns:

Self.

Return type:

GenericUser

abstractmethod reset(password: str | None = 'Secret123') GenericUser

Reset user password.

Parameters:

password (str, optional) – Password, defaults to ‘Secret123’

Returns:

Self.

Return type:

GenericUser

abstractmethod expire(expiration: str | None = '19700101000000') GenericUser

Set user password expiration date and time.

Parameters:

expiration (str, optional) – Date and time for user password expiration, defaults to 19700101000000

Returns:

Self.

Return type:

GenericUser

abstractmethod password_change_at_logon(**kwargs) GenericUser

Force user to change password next logon.

The LDAP provider needs to administratively reset the user password to trigger the password change, so the keyword argument ‘password’ is required by LDAP but is ignored by other providers.

Returns:

Self.

Return type:

GenericUser

abstractmethod delete() None

Delete the user.

abstractmethod get(attrs: list[str] | None = None, *, opattrs: bool = False) dict[str, list[str]] | None

Get user attributes.

Parameters:
  • attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None

  • opattrs (bool, optional) – If True, include operational attributes (LDAP only), defaults to False

Returns:

Dictionary with attribute name as a key, or None if not found.

Return type:

dict[str, list[str]] | None

abstractmethod passkey_add(passkey_mapping: str) GenericUser

Add passkey mapping to the user.

Parameters:

passkey_mapping (str) – Passkey mapping generated by sssctl passkey-register

Returns:

Self.

Return type:

GenericUser

abstractmethod passkey_remove(passkey_mapping: str) GenericUser

Remove passkey mapping from the user.

Parameters:

passkey_mapping (str) – Passkey mapping generated by sssctl passkey-register

Returns:

Self.

Return type:

GenericUser

class sssd_test_framework.roles.generic.GenericGroup(role: RoleType)

Bases: ABC, BaseObject

Generic group management.

abstract property name

Group name.

abstractmethod add(*, gid: int | None = None, description: str | None = None) GenericGroup

Create a new group.

Parameters that are not set are ignored.

Parameters:
  • gid (int | None, optional) – Group id, defaults to None

  • description (str | None, optional) – Description, defaults to None

Returns:

Self.

Return type:

GenericGroup

abstractmethod modify(*, gid: int | None = None, description: str | None = None) GenericGroup

Modify existing group.

Parameters that are not set are ignored.

Parameters:
  • gid (int | None, optional) – Group id, defaults to None

  • description (str | None, optional) – Description, defaults to None

Returns:

Self.

Return type:

GenericGroup

abstractmethod delete() None

Delete the group.

abstractmethod get(attrs: list[str] | None = None, *, opattrs: bool = False) dict[str, list[str]] | None

Get group attributes.

Parameters:
  • attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None

  • opattrs (bool, optional) – If True, include operational attributes (LDAP only), defaults to False

Returns:

Dictionary with attribute name as a key, or None if not found.

Return type:

dict[str, list[str]] | None

abstractmethod add_member(member: GenericUser | GenericGroup | str) GenericGroup

Add group member.

Parameters:

member (GroupMemberField) – User, group, or member name / external principal string.

Returns:

Self.

Return type:

GenericGroup

abstractmethod add_members(members: list[GenericUser | GenericGroup | str]) GenericGroup

Add multiple group members.

Parameters:

members (list[GroupMemberField]) – List of users, groups, or member name strings.

Returns:

Self.

Return type:

GenericGroup

abstractmethod remove_member(member: GenericUser | GenericGroup | str) GenericGroup

Remove group member.

Parameters:

member (GroupMemberField) – User, group, or member name / external principal string.

Returns:

Self.

Return type:

GenericGroup

abstractmethod remove_members(members: list[GenericUser | GenericGroup | str]) GenericGroup

Remove multiple group members.

Parameters:

members (list[GroupMemberField]) – List of users, groups, or member name strings.

Returns:

Self.

Return type:

GenericGroup

class sssd_test_framework.roles.generic.GenericComputer(role: RoleType)

Bases: ABC, BaseObject

Generic computer management.

abstract property name

Computer name.

abstractmethod move(target: str) GenericComputer

Move a computer object.

Parameters:

target (str) – Target path.

Returns:

Self.

Return type:

GenericComputer

class sssd_test_framework.roles.generic.GenericSite(role: RoleType)

Bases: ABC, BaseObject

Generic site management.

abstract property name

Site name.

abstractmethod add() GenericSite

Create new site.

Returns:

Self.

Return type:

GenericSite

class sssd_test_framework.roles.generic.GenericNetgroup(role: RoleType)

Bases: ABC, BaseObject

Generic netgroup management.

abstract property name

Netgroup name.

abstractmethod add() GenericNetgroup

Create a new netgroup.

Returns:

Self.

Return type:

GenericNetgroup

abstractmethod delete() None

Delete the netgroup.

abstractmethod get(attrs: list[str] | None = None, *, opattrs: bool = False) dict[str, list[str]] | None

Get netgroup attributes.

Parameters:
  • attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None

  • opattrs (bool, optional) – If True, include operational attributes (LDAP only), defaults to False

Returns:

Dictionary with attribute name as a key, or None if not found.

Return type:

dict[str, list[str]] | None

abstractmethod add_member(*, host: str | None = None, user: GenericUser | str | None = None, ng: GenericNetgroup | str | None = None) GenericNetgroup

Add netgroup member.

Parameters:
  • host (str | None, optional) – Host, defaults to None

  • user (GenericUser | str | None, optional) – User, defaults to None

  • ng (GenericNetgroup | str | None, optional) – Netgroup, defaults to None

Returns:

Self.

Return type:

GenericNetgroup

abstractmethod add_members(members: list[GenericNetgroupMember]) GenericNetgroup

Add multiple netgroup members at once.

Parameters:

members (list[GenericNetgroupMember]) – List of netgroup members to add.

Returns:

Self.

Return type:

GenericNetgroup

abstractmethod remove_member(*, host: str | None = None, user: GenericUser | str | None = None, ng: GenericNetgroup | str | None = None) GenericNetgroup

Remove netgroup member.

Parameters:
  • host (str | None, optional) – Host, defaults to None

  • user (GenericUser | str | None, optional) – User, defaults to None

  • ng (GenericNetgroup | str | None, optional) – Netgroup, defaults to None

Returns:

Self.

Return type:

GenericNetgroup

abstractmethod remove_members(members: list[GenericNetgroupMember]) GenericNetgroup

Remove multiple netgroup members.

Parameters:

members (list[GenericNetgroupMember]) – List of netgroup members to remove.

Returns:

Self.

Return type:

GenericNetgroup

class sssd_test_framework.roles.generic.GenericNetgroupMember(*, host: str | None = None, user: GenericUser | ProtocolName | str | None = None, ng: GenericNetgroup | ProtocolName | str | None = None)

Bases: object

Generic netgroup member.

Note

This is essentially a NIS Netgroup Triple, but we have to omit the domain part as it is not supported by FreeIPA. In addition to the triple, it can also hold a netgroup as a member.

Parameters:
host: str | None

Member host.

user: str | None

Member user.

netgroup: str | None

Member netgroup.

triple() str | None

NIS netgroup triple string (host,user,).

LDAPNetgroupMember overrides this when a domain field is set. LocalNetgroupMember uses LocalNetgroupMember.to_member_string() instead.

Returns:

Triple string, or None if the member is only a nested netgroup.

Return type:

str | None

class sssd_test_framework.roles.generic.GenericSudoRule(role: RoleType)

Bases: ABC, BaseObject

Generic sudo rule management.

abstract property name

Sudo rule name.

abstractmethod add(*, user: str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None = None, host: str | ProtocolName | list[str | ProtocolName] | None = None, command: str | ProtocolName | list[str | ProtocolName] | None = None, option: str | list[str] | None = None, runasuser: str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None = None, runasgroup: str | GenericGroup | ProtocolName | list[str | GenericGroup | ProtocolName] | None = None, order: int | None = None, nopasswd: bool | None = None) GenericSudoRule

Create new sudo rule.

Parameters:
  • user (SudoRuleUserField, optional) – sudoUser attribute, defaults to None

  • host (SudoRuleHostField, optional) – sudoHost attribute, defaults to None

  • command (SudoRuleCommandField, optional) – sudoCommand attribute, defaults to None

  • option (str | list[str] | None, optional) – sudoOption attribute, defaults to None

  • runasuser (SudoRuleRunAsUserField, optional) – sudoRunAsUser attribute, defaults to None

  • runasgroup (SudoRuleRunAsGroupField, optional) – sudoRunAsGroup attribute, defaults to None

  • order (int | None, optional) – sudoOrder attribute, defaults to None

  • nopasswd (bool | None, optional) – If true, no authentication is required (NOPASSWD), defaults to None (no change)

Returns:

Self.

Return type:

GenericSudoRule

abstractmethod modify(*, user: str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None = None, host: str | ProtocolName | list[str | ProtocolName] | None = None, command: str | ProtocolName | list[str | ProtocolName] | None = None, option: str | list[str] | None = None, runasuser: str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None = None, runasgroup: str | GenericGroup | ProtocolName | list[str | GenericGroup | ProtocolName] | None = None, order: int | None = None, nopasswd: bool | None = None) GenericSudoRule

Modify existing sudo rule.

Parameters:
  • user (SudoRuleUserField, optional) – sudoUser attribute, defaults to None

  • host (SudoRuleHostField, optional) – sudoHost attribute, defaults to None

  • command (SudoRuleCommandField, optional) – sudoCommand attribute, defaults to None

  • option (str | list[str] | None, optional) – sudoOption attribute, defaults to None

  • runasuser (SudoRuleRunAsUserField, optional) – sudoRunAsUser attribute, defaults to None

  • runasgroup (SudoRuleRunAsGroupField, optional) – sudoRunAsGroup attribute, defaults to None

  • order (int | None, optional) – sudoOrder attribute, defaults to None

  • nopasswd (bool | None, optional) – If true, no authentication is required (NOPASSWD), defaults to None (no change)

Returns:

Self.

Return type:

GenericSudoRule

abstractmethod delete() None

Delete the sudo rule.

abstractmethod get(attrs: list[str] | None = None, *, opattrs: bool = False) dict[str, list[str]] | None

Get sudo rule attributes.

Parameters:
  • attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None

  • opattrs (bool, optional) – If True, include operational attributes (LDAP only), defaults to False

Returns:

Dictionary with attribute name as a key, or None if not found.

Return type:

dict[str, list[str]] | None

class sssd_test_framework.roles.generic.GenericAutomount

Bases: ABC

Generic automount management.

abstractmethod map(name: str) GenericAutomountMap

Get automount map object.

Parameters:

name (str) – Automount map name.

Returns:

New automount map object.

Return type:

GenericAutomountMap

abstractmethod key(name: str, map: GenericAutomountMap) GenericAutomountKey

Get automount key object.

Parameters:
  • name (str) – Automount key name.

  • map (GenericAutomountMap) – Automount map that is a parent to this key.

Returns:

New automount key object.

Return type:

GenericAutomountKey

class sssd_test_framework.roles.generic.GenericAutomountMap(role: RoleType)

Bases: ABC, BaseObject

Generic automount map management.

abstract property name

Automount map name.

abstractmethod add() GenericAutomountMap

Create new automount map.

Returns:

Self.

Return type:

GenericAutomountMap

abstractmethod key(name: str) GenericAutomountKey

Get automount key object for this map.

Parameters:

name (str) – Automount key name.

Returns:

New automount key object.

Return type:

GenericAutomountKey

abstractmethod delete() None

Delete the automount map.

abstractmethod get(attrs: list[str] | None = None, *, opattrs: bool = False) dict[str, list[str]] | None

Get automount map attributes.

Parameters:
  • attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None

  • opattrs (bool, optional) – If True, include operational attributes (LDAP only), defaults to False

Returns:

Dictionary with attribute name as a key, or None if not found.

Return type:

dict[str, list[str]] | None

class sssd_test_framework.roles.generic.GenericAutomountKey(role: RoleType)

Bases: ABC, BaseObject

Generic automount key management.

abstract property name

Automount key name.

abstractmethod add(*, info: str | NFSExport | GenericAutomountMap) GenericAutomountKey

Create new automount key.

Parameters:

info (str | NFSExport | GenericAutomountMap) – Automount information.

Returns:

Self.

Return type:

GenericAutomountKey

abstractmethod modify(*, info: str | NFSExport | GenericAutomountMap | None = None) GenericAutomountKey

Modify existing automount key.

Parameters:

info (str | NFSExport | GenericAutomountMap | None) – Automount information, defaults to None

Returns:

Self.

Return type:

GenericAutomountKey

abstractmethod delete() None

Delete the automount key.

abstractmethod get(attrs: list[str] | None = None, *, opattrs: bool = False) dict[str, list[str]] | None

Get automount key attributes.

Parameters:
  • attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None

  • opattrs (bool, optional) – If True, include operational attributes (LDAP only), defaults to False

Returns:

Dictionary with attribute name as a key, or None if not found.

Return type:

dict[str, list[str]] | None

abstractmethod dump() str

Dump the key in the automount -m format.

export1 | -fstype=nfs,rw,sync,no_root_squash nfs.test:/dev/shm/exports/export1

You can also call str(key) instead of key.dump().

Returns:

Key information in automount -m format.

Return type:

str

class sssd_test_framework.roles.generic.GenericGPO(role: RoleType)

Bases: ABC, BaseObject

Generic GPO management.

abstract property name

GPO name.

abstractmethod get(key: str) str | None

Get GPO attribute.

Parameters:

key (str) – Attribute key.

Returns:

Attribute value, optional

Return type:

str | None

abstractmethod delete() None

Delete GPO.

abstractmethod add() GenericGPO

Add GPO.

Link GPO.

Parameters:
  • target (str | None) – Target location, optional.

  • enforced (bool | None) – Enforce boolean.

  • disabled (bool | None) – Disabled boolean.

Returns:

Self.

Return type:

GenericGPO

Unlink GPO.

abstractmethod permissions(target: str, permission_level: str, target_type: str | None = 'Group') GenericGPO

Configure GPO permissions.

Parameters:
  • target (str | None) – Target location

  • permission_level (str) – Permission level

  • target_type (str | None = "Group") – Target type, defaults to “Group”

Returns:

Self.

Return type:

GenericGPO

abstractmethod policy(logon_rights: dict[str, list[Any]], cfg: dict[str, Any] | None = None) GenericGPO

GPO configuration.

Parameters:
  • logon_rights (dict[str, list[Any]]) – Logon rights.

  • cfg (dict[str, Any] | None) – Extra configuration parameters.

Returns:

Self.

Return type:

GenericGPO

class sssd_test_framework.roles.generic.GenericDNSServer(role: RoleType)

Bases: ABC, BaseObject

DNS management utilities.

abstractmethod zone(name: str) GenericDNSZone

Get GenericDNSZone object.

Parameters:

name (str) – Zone name.

Returns:

GenericDNSZone object.

Return type:

GenericDNSZone

abstractmethod get_forwarders() list[str]

Get DNS global forwarders.

Returns:

List of forwarders.

Return type:

list[str]

abstractmethod add_forwarder(ip_address: str) GenericDNSServer

Add a DNS server forwarder.

Parameters:

ip_address (str) – IP address.

Returns:

Self.

Return type:

GenericDNSServer

abstractmethod remove_forwarder(ip_address: str) None

Remove a DNS server forwarder.

Parameters:

ip_address (str) – IP address.

abstractmethod clear_forwarders() None

Clear all DNS server forwarders.

abstractmethod list_zones() list[str]

List all DNS zones.

class sssd_test_framework.roles.generic.GenericDNSZone(role: RoleType)

Bases: GenericDNSServer

Generic DNS zone management.

abstractmethod create() GenericDNSZone

Create DNS zone.

Returns:

Self.

Return type:

GenericDNSZone

abstractmethod delete() None

Delete DNS zone.

Returns:

None

Return type:

None

abstractmethod add_record(name: str, data: str | int) GenericDNSZone

Add DNS record.

Parameters:
  • name (str) – Record name.

  • data (str | int) – Record data.

Returns:

GenericDNSZone object.

Return type:

GenericDNSZone

abstractmethod delete_record(name: str) None

Delete DNS record, both forward and reverse records are deleted.

Parameters:

name (str) – Name of the record.

abstractmethod print() str

Print zone data as text.

Returns:

Printed file as text.

Return type:

str

class sssd_test_framework.roles.generic.GenericCertificateAuthority

Bases: ABC

abstractmethod request(*args, **kwargs) tuple[str, str, str]
Returns:

A tuple of (certificate_path, key_path, csr_path).

Return type:

tuple[str, str, str]

abstractmethod revoke(cert_path: str, reason: str = 'unspecified') None

Revoke a certificate.

Parameters:
  • cert_path (str) – Path to the certificate file.

  • reason (str) – Reason for revocation.

abstractmethod revoke_hold(cert_path: str) None

Place a certificate on hold.

Parameters:

cert_path (str) – Path to the certificate file.

abstractmethod revoke_hold_remove(cert_path: str) None

Remove hold from a certificate.

Parameters:

cert_path (str) – Path to the certificate file.

abstractmethod get(cert_path: str) dict[str, list[str]]

Retrieve certificate details.

Parameters:

cert_path (str) – Path to the certificate file.

Returns:

A dictionary of certificate attributes.

Return type:

dict[str, list[str]]

sssd_test_framework.roles.generic.GroupMemberField = sssd_test_framework.roles.generic.GenericUser | sssd_test_framework.roles.generic.GenericGroup | str

Group member: user, nested group, or string (name / external member / RDN fragment).