refactor common.sh script for service_sssd_enabled

Arden97 · Arden97 · commit dd501fe6ad20 · 2026-05-29T09:49:55.000+02:00
diff --git a/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh b/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh
@@ -1,36 +1,16 @@
 # sssd.service needs /etc/sssd/sssd.conf to start
-if [ ! -f /etc/sssd/sssd.conf ]; then
-	cat << EOF > /etc/sssd/sssd.conf
-[sssd]
-config_file_version = 2
-services = nss, pam
-domains = example.com
+SSSD_CONF="/etc/sssd/sssd.conf"
+SSSD_CONF_DIR="/etc/sssd/conf.d"
+{{{ bash_sssd_ensure_default_config("$SSSD_CONF", "$SSSD_CONF_DIR") }}}
 
-[domain/example.com]
-{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
-id_provider = proxy
-proxy_lib_name = files
-local_auth_policy = only
-{{%- else %}}
-id_provider = files
-access_provider = simple
-simple_allow_users = user1, user2
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol7', 'ol8', 'ol9', 'rhel8', 'rhel9']%}}
+{{{ bash_ensure_ini_config("$SSSD_CONF $SSSD_CONF_DIR/*.conf", "pam", "pam_cert_auth", "True") }}}
 {{%- endif %}}
 
-[nss]
-filter_groups = root
-filter_users = root
-
-[pam]
-{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
-pam_cert_auth = True
+{{%- if product in ["fedora"] or (('rhel' in product or 'ol' in families) and product not in ['ol7', 'ol8', 'ol9', 'rhel8', 'rhel9']) %}}
+{{{ bash_package_install("sssd-proxy") }}}
+authselect select sssd with-smartcard
+chmod 0640 $SSSD_CONF
+{{%- else %}}
+chmod 0600 $SSSD_CONF
 {{%- endif %}}
-EOF
-	{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
-	dnf install sssd-proxy -y
-	authselect select sssd with-smartcard
-	chmod 0640 /etc/sssd/sssd.conf
-	{{%- else %}}
-	chmod 0600 /etc/sssd/sssd.conf
-	{{%- endif %}}
-fi
