replace echo config writing with macro

Arden97 · Arden97 · commit 9105286145fc · 2026-05-27T15:50:38.000+02:00
diff --git a/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh b/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh
@@ -1,36 +1,19 @@
+#!/bin/bash
+# packages = sssd
+
 # sssd.service needs /etc/sssd/sssd.conf to start
-if [ ! -f /etc/sssd/sssd.conf ]; then
-	cat << EOF > /etc/sssd/sssd.conf
-[sssd]
-config_file_version = 2
-services = nss, pam
-domains = example.com
+SSSD_CONF="/etc/sssd/sssd.conf"
+SSSD_CONF_DIR="/etc/sssd/conf.d"
+{{{ bash_sssd_ensure_default_config("$SSSD_CONF", "$SSSD_CONF_DIR") }}}
 
-[domain/example.com]
-{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
-id_provider = proxy
-proxy_lib_name = files
-local_auth_policy = only
-{{%- else %}}
-id_provider = files
-access_provider = simple
-simple_allow_users = user1, user2
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol7', 'ol8', 'ol9', 'rhel8', 'rhel9']%}}
+{{{ bash_ensure_ini_config("$SSSD_CONF $SSSD_CONF_DIR/*.conf", "pam", "pam_cert_auth", "True") }}}
 {{%- endif %}}
 
-[nss]
-filter_groups = root
-filter_users = root
-
-[pam]
-{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
-pam_cert_auth = True
+{{%- if product in ["fedora"] or (('rhel' in product or 'ol' in families) and product not in ['ol7', 'ol8', 'ol9', 'rhel8', 'rhel9']) %}}
+{{{ bash_package_install("sssd-proxy") }}}
+authselect select sssd with-smartcard
+chmod 0640 $SSSD_CONF
+{{%- else %}}
+chmod 0600 $SSSD_CONF
 {{%- endif %}}
-EOF
-	{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
-	dnf install sssd-proxy -y
-	authselect select sssd with-smartcard
-	chmod 0640 /etc/sssd/sssd.conf
-	{{%- else %}}
-	chmod 0600 /etc/sssd/sssd.conf
-	{{%- endif %}}
-fi
diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/tests/correct_value.pass.sh b/linux_os/guide/services/sssd/sssd_certificate_verification/tests/correct_value.pass.sh
@@ -1,6 +1,4 @@
 #!/bin/bash
 # packages = sssd-common
 
-mkdir -p /etc/sssd/conf.d
-touch /etc/sssd/sssd.conf
-echo -e "[sssd]\ncertificate_verification = ocsp_dgst=sha1" >> /etc/sssd/sssd.conf
+{{{ bash_ensure_ini_config("/etc/sssd/sssd.conf", "sssd", "certificate_verification", "ocsp_dgst=sha1") }}}
diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/tests/wrong_value.fail.sh b/linux_os/guide/services/sssd/sssd_certificate_verification/tests/wrong_value.fail.sh
@@ -1,6 +1,4 @@
 #!/bin/bash
 # packages = sssd-common
 
-mkdir -p /etc/sssd/conf.d
-touch /etc/sssd/sssd.conf
-echo -e "[sssd]\ncertificate_verification = ocsp_dgst=sha256" >> /etc/sssd/sssd.conf
+{{{ bash_ensure_ini_config("/etc/sssd/sssd.conf", "sssd", "certificate_verification", "ocsp_dgst=sha256") }}}
diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/tests/wrong_value_not_default.fail.sh b/linux_os/guide/services/sssd/sssd_certificate_verification/tests/wrong_value_not_default.fail.sh
@@ -2,7 +2,5 @@
 # packages = sssd-common
 # variables = var_sssd_certificate_verification_digest_function=sha512
 
-mkdir -p /etc/sssd/conf.d
-touch /etc/sssd/sssd.conf
-echo -e "[sssd]\ncertificate_verification = ocsp_dgst=sha256" >> /etc/sssd/sssd.conf
+{{{ bash_ensure_ini_config("/etc/sssd/sssd.conf", "sssd", "certificate_verification", "ocsp_dgst=sha256") }}}
 
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
@@ -4,8 +4,7 @@
 # remediation = none
 
 SSSD_FILE="/etc/sssd/sssd.conf"
-echo "[pam]" > $SSSD_FILE
-echo "pam_cert_auth = True" >> $SSSD_FILE
+{{{ bash_ensure_ini_config("$SSSD_FILE", "pam", "pam_cert_auth", "True") }}}
 
 authselect select sssd --force
 
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
@@ -3,8 +3,7 @@
 # platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
 
 SSSD_FILE="/etc/sssd/sssd.conf"
-echo "[pam]" > $SSSD_FILE
-echo "pam_cert_auth = True" >> $SSSD_FILE
+{{{ bash_ensure_ini_config("$SSSD_FILE", "pam", "pam_cert_auth", "True") }}}
 
 authselect select sssd --force
 authselect disable-feature with-smartcard
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
@@ -3,8 +3,7 @@
 # platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
 
 SSSD_FILE="/etc/sssd/sssd.conf"
-echo "[pam]" > $SSSD_FILE
-echo "pam_cert_auth = True" >> $SSSD_FILE
+{{{ bash_ensure_ini_config("$SSSD_FILE", "pam", "pam_cert_auth", "True") }}}
 
 authselect select sssd --force
 authselect enable-feature with-smartcard
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh
@@ -3,8 +3,7 @@
 # platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
 
 SSSD_FILE="/etc/sssd/conf.d/unused.conf"
-echo "[pam]" > $SSSD_FILE
-echo "pam_cert_auth = True" >> $SSSD_FILE
+{{{ bash_ensure_ini_config("$SSSD_FILE", "pam", "pam_cert_auth", "True") }}}
 
 authselect select sssd --force
 authselect enable-feature with-smartcard
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
@@ -3,8 +3,7 @@
 # platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
 
 SSSD_FILE="/etc/sssd/sssd.conf"
-echo "[pam]" > $SSSD_FILE
-echo "pam_cert_auth = true" >> $SSSD_FILE
+{{{ bash_ensure_ini_config("$SSSD_FILE", "pam", "pam_cert_auth", "true") }}}
 
 authselect select sssd --force
 authselect enable-feature with-smartcard
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
@@ -3,8 +3,7 @@
 # platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
 
 SSSD_FILE="/etc/sssd/sssd.conf"
-echo "[pam]" > $SSSD_FILE
-echo "pam_cert_auth = False" >> $SSSD_FILE
+{{{ bash_ensure_ini_config("$SSSD_FILE", "pam", "pam_cert_auth", "False") }}}
 
 authselect select sssd --force
 authselect enable-feature with-smartcard
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh
@@ -3,8 +3,7 @@
 # platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
 
 SSSD_FILE="/etc/sssd/conf.d/unused.conf"
-echo "[pam]" > $SSSD_FILE
-echo "pam_cert_auth = False" >> $SSSD_FILE
+{{{ bash_ensure_ini_config("$SSSD_FILE", "pam", "pam_cert_auth", "False") }}}
 
 authselect select sssd --force
 authselect enable-feature with-smartcard
diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/tests/correct_value.pass.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/tests/correct_value.pass.sh
@@ -7,6 +7,4 @@ SSSD_CONF="/etc/sssd/sssd.conf"
 TIMEOUT="180"
 
 systemctl enable sssd
-mkdir -p /etc/sssd
-touch $SSSD_CONF
-echo -e "[nss]\nmemcache_timeout = $TIMEOUT" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF", "nss", "memcache_timeout", "$TIMEOUT") }}}
diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/tests/wrong_value.fail.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/tests/wrong_value.fail.sh
@@ -8,6 +8,4 @@ SSSD_CONF="/etc/sssd/sssd.conf"
 TIMEOUT="99999"
 
 systemctl enable sssd
-mkdir -p /etc/sssd
-touch $SSSD_CONF
-echo -e "[nss]\nmemcache_timeout = $TIMEOUT" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF", "nss", "memcache_timeout", "$TIMEOUT") }}}
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
@@ -4,6 +4,5 @@
 # platform = Oracle Linux 8,Red Hat Enterprise Linux 8
 source common.sh
 
-echo -e "[pam]\noffline_credentials_expiration = 2" >> $SSSD_CONF
-
-echo -e "[domain/EXAMPLE]\ncache_credentials = false" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF", "pam", "offline_credentials_expiration", "2") }}}
+{{{ bash_ensure_ini_config("$SSSD_CONF", "domain/EXAMPLE", "cache_credentials", "false") }}}
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/correct_value.pass.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/correct_value.pass.sh
@@ -3,6 +3,5 @@
 
 source common.sh
 
-echo -e "[pam]\noffline_credentials_expiration = 1" >> $SSSD_CONF
-
-echo -e "[domain/EXAMPLE]\ncache_credentials = true" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF", "pam", "offline_credentials_expiration", "1") }}}
+{{{ bash_ensure_ini_config("$SSSD_CONF", "domain/EXAMPLE", "cache_credentials", "true") }}}
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/correct_value_conf_d.pass.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/correct_value_conf_d.pass.sh
@@ -7,7 +7,6 @@
 source common.sh
 
 SSSD_CONF_D_FILE="/etc/sssd/conf.d/unused.conf"
+{{{ bash_ensure_ini_config("$SSSD_CONF_D_FILE", "pam", "offline_credentials_expiration", "1") }}}
 
-echo -e "[pam]\noffline_credentials_expiration = 1" >> $SSSD_CONF_D_FILE
-
-echo -e "[domain/EXAMPLE]\ncache_credentials = true" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF", "domain/EXAMPLE", "cache_credentials", "true") }}}
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/correct_value_dropin.pass.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/correct_value_dropin.pass.sh
@@ -8,6 +8,5 @@ source common.sh
 
 export SSSD_CONF=/etc/sssd/conf.d/cac.conf
 
-echo -e "[pam]\noffline_credentials_expiration = 1" >> $SSSD_CONF
-
-echo -e "[domain/EXAMPLE]\ncache_credentials = true" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF", "pam", "offline_credentials_expiration", "1") }}}
+{{{ bash_ensure_ini_config("$SSSD_CONF", "domain/EXAMPLE", "cache_credentials", "true") }}}
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/wrong_value.fail.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/wrong_value.fail.sh
@@ -3,6 +3,5 @@
 
 source common.sh
 
-echo -e "[pam]\noffline_credentials_expiration = 0" >> $SSSD_CONF
-
-echo -e "[domain/EXAMPLE]\ncache_credentials = true" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF", "pam", "offline_credentials_expiration", "0") }}}
+{{{ bash_ensure_ini_config("$SSSD_CONF", "domain/EXAMPLE", "cache_credentials", "true") }}}
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/wrong_value_conf_d.fail.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/wrong_value_conf_d.fail.sh
@@ -8,6 +8,5 @@ source common.sh
 
 SSSD_CONF_D_FILE="/etc/sssd/conf.d/unused.conf"
 
-echo -e "[pam]\noffline_credentials_expiration = 0" >> $SSSD_CONF_D_FILE
-
-echo -e "[domain/EXAMPLE]\ncache_credentials = true" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF_D_FILE", "pam", "offline_credentials_expiration", "0") }}}
+{{{ bash_ensure_ini_config("$SSSD_CONF", "domain/EXAMPLE", "cache_credentials", "true") }}}
diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/tests/correct_value.pass.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/tests/correct_value.pass.sh
@@ -5,6 +5,4 @@
 # We will configure user to be sssd
 
 systemctl enable sssd
-mkdir -p /etc/sssd/conf.d
-echo -e "[sssd]\nuser = sssd" >> /etc/sssd/conf.d/ospp.conf
-chmod 600 /etc/sssd/conf.d/ospp.conf
+{{{ bash_ensure_ini_config("/etc/sssd/conf.d/ospp.conf", "sssd", "user", "sssd") }}}
diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/tests/correct_value.pass.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/tests/correct_value.pass.sh
@@ -7,6 +7,4 @@ SSSD_CONF="/etc/sssd/sssd.conf"
 TIMEOUT="180"
 
 systemctl enable sssd
-mkdir -p /etc/sssd
-touch $SSSD_CONF
-echo -e "[ssh]\nssh_known_hosts_timeout = $TIMEOUT" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF", "ssh", "ssh_known_hosts_timeout", "$TIMEOUT") }}}
diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/tests/wrong_value.fail.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/tests/wrong_value.fail.sh
@@ -8,6 +8,4 @@ SSSD_CONF="/etc/sssd/sssd.conf"
 TIMEOUT="99999"
 
 systemctl enable sssd
-mkdir -p /etc/sssd
-touch $SSSD_CONF
-echo -e "[ssh]\nssh_known_hosts_timeout = $TIMEOUT" >> $SSSD_CONF
+{{{ bash_ensure_ini_config("$SSSD_CONF", "ssh", "ssh_known_hosts_timeout", "$TIMEOUT") }}}
