def test_handle_on_chpasswd_list_creates_random_passwords(
self, m_subp, m_multi_log):
"""handle parses command set random passwords."""
cloud = self.tmp_cloud(distro='ubuntu')
valid_random_pwds = ['root:R', 'ubuntu:RANDOM']
cfg = {'chpasswd': {'expire': 'false', 'list': valid_random_pwds}}
with mock.patch.object(setpass, 'chpasswd') as chpasswd:
setpass.handle('IGNORED',
cfg=cfg,
cloud=cloud,
log=self.logger,
args=[])
self.assertIn('DEBUG: Handling input for chpasswd as list.',
self.logs.getvalue())
self.assertEqual(1, chpasswd.call_count)
passwords, _ = chpasswd.call_args
user_pass = {
user: password
for user, password in (line.split(":")
for line in passwords[1].splitlines())
}
self.assertEqual(1, m_multi_log.call_count)
self.assertEqual(
mock.call(mock.ANY, stderr=False, fallback_to_stdout=False),
m_multi_log.call_args)
self.assertEqual(set(["root", "ubuntu"]), set(user_pass.keys()))
written_lines = m_multi_log.call_args[0][0].splitlines()
for password in user_pass.values():
for line in written_lines:
if password in line:
break
else:
self.fail("Password not emitted to console")
def test_handle_on_chpasswd_list_parses_common_hashes(self):
"""handle parses command password hashes."""
cloud = self.tmp_cloud(distro="ubuntu")
valid_hashed_pwds = [
"root:$2y$10$8BQjxjVByHA/Ee.O1bCXtO8S7Y5WojbXWqnqYpUW.BrPx/"
"Dlew1Va",
"ubuntu:$6$5hOurLPO$naywm3Ce0UlmZg9gG2Fl9acWCVEoakMMC7dR52q"
"SDexZbrN9z8yHxhUM2b.sxpguSwOlbOQSW/HpXazGGx3oo1",
]
cfg = {"chpasswd": {"list": valid_hashed_pwds}}
with mock.patch.object(setpass, "chpasswd") as chpasswd:
setpass.handle("IGNORED",
cfg=cfg,
cloud=cloud,
log=self.logger,
args=[])
self.assertIn("DEBUG: Handling input for chpasswd as list.",
self.logs.getvalue())
self.assertIn(
"DEBUG: Setting hashed password for ['root', 'ubuntu']",
self.logs.getvalue(),
)
valid = "\n".join(valid_hashed_pwds) + "\n"
called = chpasswd.call_args[0][1]
self.assertEqual(valid, called)
def test_bsd_calls_custom_pw_cmds_to_set_and_expire_passwords(
self, m_subp, m_is_bsd
):
"""BSD don't use chpasswd"""
cloud = get_cloud(distro="freebsd")
valid_pwds = ["ubuntu:passw0rd"]
cfg = {"chpasswd": {"list": valid_pwds}}
with mock.patch.object(
cloud.distro, "uses_systemd", return_value=False
):
setpass.handle(
"IGNORED", cfg=cfg, cloud=cloud, log=self.logger, args=[]
)
self.assertEqual(
[
mock.call(
["pw", "usermod", "ubuntu", "-h", "0"],
data="passw0rd",
logstring="chpasswd for ubuntu",
),
mock.call(["pw", "usermod", "ubuntu", "-p", "01-Jan-1970"]),
mock.call(["service", "sshd", "status"], capture=True),
],
m_subp.call_args_list,
)
def test_handle_on_empty_config(self):
"""handle logs that no password has changed when config is empty."""
cloud = self.tmp_cloud(distro='ubuntu')
setpass.handle(
'IGNORED', cfg={}, cloud=cloud, log=self.logger, args=[])
self.assertEqual(
"DEBUG: Leaving ssh config 'PasswordAuthentication' unchanged. "
'ssh_pwauth=None\n',
self.logs.getvalue())
def test_handle_on_empty_config(self, *args):
"""handle logs that no password has changed when config is empty."""
cloud = self.tmp_cloud(distro='ubuntu')
setpass.handle(
'IGNORED', cfg={}, cloud=cloud, log=self.logger, args=[])
self.assertEqual(
"DEBUG: Leaving SSH config 'PasswordAuthentication' unchanged. "
'ssh_pwauth=None\n',
self.logs.getvalue())
def test_bsd_calls_custom_pw_cmds_to_set_and_expire_passwords(
self, m_subp, m_is_bsd):
"""BSD don't use chpasswd"""
m_is_bsd.return_value = True
cloud = self.tmp_cloud(distro='freebsd')
valid_pwds = ['ubuntu:passw0rd']
cfg = {'chpasswd': {'list': valid_pwds}}
setpass.handle(
'IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[])
self.assertEqual([
mock.call(['pw', 'usermod', 'ubuntu', '-h', '0'], data='passw0rd',
logstring="chpasswd for ubuntu"),
mock.call(['pw', 'usermod', 'ubuntu', '-p', '01-Jan-1970'])],
m_subp.call_args_list)
def test_handle_on_empty_config(self, m_subp):
"""handle logs that no password has changed when config is empty."""
cloud = self.tmp_cloud(distro="ubuntu")
setpass.handle(
"IGNORED", cfg={}, cloud=cloud, log=self.logger, args=[]
)
self.assertEqual(
"DEBUG: Leaving SSH config 'PasswordAuthentication' unchanged. "
"ssh_pwauth=None\n",
self.logs.getvalue(),
)
self.assertEqual(
[mock.call(["systemctl", "status", "ssh"], capture=True)],
m_subp.call_args_list,
)
def test_handle_on_chpasswd_list_creates_random_passwords(
self, m_subp, m_is_freebsd):
"""handle parses command set random passwords."""
m_is_freebsd.return_value = False
cloud = self.tmp_cloud(distro='ubuntu')
valid_random_pwds = ['root:R', 'ubuntu:RANDOM']
cfg = {'chpasswd': {'expire': 'false', 'list': valid_random_pwds}}
with mock.patch(MODPATH + 'util.subp') as m_subp:
setpass.handle('IGNORED',
cfg=cfg,
cloud=cloud,
log=self.logger,
args=[])
self.assertIn('DEBUG: Handling input for chpasswd as list.',
self.logs.getvalue())
self.assertNotEqual(
[mock.call(['chpasswd'], '\n'.join(valid_random_pwds) + '\n')],
m_subp.call_args_list)
def test_bsd_calls_custom_pw_cmds_to_set_and_expire_passwords(
self, m_subp, m_is_bsd
):
"""BSD don't use chpasswd"""
m_is_bsd.return_value = True
cloud = self.tmp_cloud(distro="freebsd")
valid_pwds = ["ubuntu:passw0rd"]
cfg = {"chpasswd": {"list": valid_pwds}}
setpass.handle(
"IGNORED", cfg=cfg, cloud=cloud, log=self.logger, args=[]
)
self.assertEqual(
[
mock.call(
["pw", "usermod", "ubuntu", "-h", "0"],
data="passw0rd",
logstring="chpasswd for ubuntu",
),
mock.call(["pw", "usermod", "ubuntu", "-p", "01-Jan-1970"]),
],
m_subp.call_args_list,
)
def test_handle_on_chpasswd_list_parses_common_hashes(self, m_subp):
"""handle parses command password hashes."""
cloud = self.tmp_cloud(distro='ubuntu')
valid_hashed_pwds = [
'root:$2y$10$8BQjxjVByHA/Ee.O1bCXtO8S7Y5WojbXWqnqYpUW.BrPx/'
'Dlew1Va',
'ubuntu:$6$5hOurLPO$naywm3Ce0UlmZg9gG2Fl9acWCVEoakMMC7dR52q'
'SDexZbrN9z8yHxhUM2b.sxpguSwOlbOQSW/HpXazGGx3oo1']
cfg = {'chpasswd': {'list': valid_hashed_pwds}}
with mock.patch(MODPATH + 'util.subp') as m_subp:
setpass.handle(
'IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[])
self.assertIn(
'DEBUG: Handling input for chpasswd as list.',
self.logs.getvalue())
self.assertIn(
"DEBUG: Setting hashed password for ['root', 'ubuntu']",
self.logs.getvalue())
self.assertEqual(
[mock.call(['chpasswd', '-e'],
'\n'.join(valid_hashed_pwds) + '\n')],
m_subp.call_args_list)
def test_handle_on_chpasswd_list_parses_common_hashes(self, m_subp):
"""handle parses command password hashes."""
cloud = self.tmp_cloud(distro='ubuntu')
valid_hashed_pwds = [
'root:$2y$10$8BQjxjVByHA/Ee.O1bCXtO8S7Y5WojbXWqnqYpUW.BrPx/'
'Dlew1Va',
'ubuntu:$6$5hOurLPO$naywm3Ce0UlmZg9gG2Fl9acWCVEoakMMC7dR52q'
'SDexZbrN9z8yHxhUM2b.sxpguSwOlbOQSW/HpXazGGx3oo1']
cfg = {'chpasswd': {'list': valid_hashed_pwds}}
with mock.patch(MODPATH + 'subp.subp') as m_subp:
setpass.handle(
'IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[])
self.assertIn(
'DEBUG: Handling input for chpasswd as list.',
self.logs.getvalue())
self.assertIn(
"DEBUG: Setting hashed password for ['root', 'ubuntu']",
self.logs.getvalue())
self.assertEqual(
[mock.call(['chpasswd', '-e'],
'\n'.join(valid_hashed_pwds) + '\n')],
m_subp.call_args_list)
