tests(e2e): Configure AD before starting test suite #828
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GabrielNagy
commented
Oct 27, 2023
| } | ||
|
|
||
| # Create users | ||
| $password = ConvertTo-SecureString -String 'supersecretpassword' -AsPlainText -Force |
There was a problem hiding this comment.
Happy to obfuscate this "secret" - we would need a separate env variable to store the user password and pass it to this script via CLI argument from Go.
As an alternative, to avoid password authentication altogether, we can use a global authorized key file to be able to SSH as any account using the same key (as described in https://serverfault.com/questions/434896/ssh-one-authorized-keys-for-multiple-service-accounts). I kind of prefer this solution.
Integrate the empty MULTI_SZ parsing GPPolParser fix[1] by monkey patching the affected method until the change trickles down to the next release (probably next Ubuntu LTS...) [1] https://gitlab.com/samba-team/samba/-/merge_requests/3290
Nesting the GPO directories will give us a hard time when it comes to replicate the structure on the Windows machine, so opt for the following approach: - create assets/ directory which will store GPOs and other sysvol assets - put all GPOs at top-level - replicate User/Machine structure of GPOs - create GPT.INI with version higher than 0 to ensure changes are picked up With this approach we can iterate over all directories and recursively copy their contents to SYSVOL/Policies.
In case it doesn't exist. This will help when recursively uploading the GPO structure to the Windows machine.
The workflow is described in the Go/PowerShell scripts for the most part, but at a high level the new 02_provision_ad step achieves the following: - converts XML GPOs to POL - uploads GPO structure to the DC under a client-specific path - uploads and runs the PowerShell script responsible for creating client-specific OUs, GPOs and users Fixes UDENG-1535
Standardize on a path so we can rely on the default instead of specifying the key via CLI.
These are generated on the fly from their XML counterparts before configuring the domain controller.
GabrielNagy
force-pushed
the
e2e-configure-ad
branch
from
fd816e5
to
b94ed17
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The workflow is described in the Go/PowerShell scripts for the most part, but at a high level the new
02_provision_adstep achieves the following:The PR contains more changes best reviewed commit by commit.
Fixes UDENG-1535