def test_handle_on_chpasswd_list_creates_random_passwords( self, m_subp, m_multi_log): """handle parses command set random passwords.""" cloud = self.tmp_cloud(distro='ubuntu') valid_random_pwds = ['root:R', 'ubuntu:RANDOM'] cfg = {'chpasswd': {'expire': 'false', 'list': valid_random_pwds}} with mock.patch.object(setpass, 'chpasswd') as chpasswd: setpass.handle('IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[]) self.assertIn('DEBUG: Handling input for chpasswd as list.', self.logs.getvalue()) self.assertEqual(1, chpasswd.call_count) passwords, _ = chpasswd.call_args user_pass = { user: password for user, password in (line.split(":") for line in passwords[1].splitlines()) } self.assertEqual(1, m_multi_log.call_count) self.assertEqual( mock.call(mock.ANY, stderr=False, fallback_to_stdout=False), m_multi_log.call_args) self.assertEqual(set(["root", "ubuntu"]), set(user_pass.keys())) written_lines = m_multi_log.call_args[0][0].splitlines() for password in user_pass.values(): for line in written_lines: if password in line: break else: self.fail("Password not emitted to console")
def test_handle_on_chpasswd_list_parses_common_hashes(self): """handle parses command password hashes.""" cloud = self.tmp_cloud(distro="ubuntu") valid_hashed_pwds = [ "root:$2y$10$8BQjxjVByHA/Ee.O1bCXtO8S7Y5WojbXWqnqYpUW.BrPx/" "Dlew1Va", "ubuntu:$6$5hOurLPO$naywm3Ce0UlmZg9gG2Fl9acWCVEoakMMC7dR52q" "SDexZbrN9z8yHxhUM2b.sxpguSwOlbOQSW/HpXazGGx3oo1", ] cfg = {"chpasswd": {"list": valid_hashed_pwds}} with mock.patch.object(setpass, "chpasswd") as chpasswd: setpass.handle("IGNORED", cfg=cfg, cloud=cloud, log=self.logger, args=[]) self.assertIn("DEBUG: Handling input for chpasswd as list.", self.logs.getvalue()) self.assertIn( "DEBUG: Setting hashed password for ['root', 'ubuntu']", self.logs.getvalue(), ) valid = "\n".join(valid_hashed_pwds) + "\n" called = chpasswd.call_args[0][1] self.assertEqual(valid, called)
def test_bsd_calls_custom_pw_cmds_to_set_and_expire_passwords( self, m_subp, m_is_bsd ): """BSD don't use chpasswd""" cloud = get_cloud(distro="freebsd") valid_pwds = ["ubuntu:passw0rd"] cfg = {"chpasswd": {"list": valid_pwds}} with mock.patch.object( cloud.distro, "uses_systemd", return_value=False ): setpass.handle( "IGNORED", cfg=cfg, cloud=cloud, log=self.logger, args=[] ) self.assertEqual( [ mock.call( ["pw", "usermod", "ubuntu", "-h", "0"], data="passw0rd", logstring="chpasswd for ubuntu", ), mock.call(["pw", "usermod", "ubuntu", "-p", "01-Jan-1970"]), mock.call(["service", "sshd", "status"], capture=True), ], m_subp.call_args_list, )
def test_handle_on_empty_config(self): """handle logs that no password has changed when config is empty.""" cloud = self.tmp_cloud(distro='ubuntu') setpass.handle( 'IGNORED', cfg={}, cloud=cloud, log=self.logger, args=[]) self.assertEqual( "DEBUG: Leaving ssh config 'PasswordAuthentication' unchanged. " 'ssh_pwauth=None\n', self.logs.getvalue())
def test_handle_on_empty_config(self, *args): """handle logs that no password has changed when config is empty.""" cloud = self.tmp_cloud(distro='ubuntu') setpass.handle( 'IGNORED', cfg={}, cloud=cloud, log=self.logger, args=[]) self.assertEqual( "DEBUG: Leaving SSH config 'PasswordAuthentication' unchanged. " 'ssh_pwauth=None\n', self.logs.getvalue())
def test_bsd_calls_custom_pw_cmds_to_set_and_expire_passwords( self, m_subp, m_is_bsd): """BSD don't use chpasswd""" m_is_bsd.return_value = True cloud = self.tmp_cloud(distro='freebsd') valid_pwds = ['ubuntu:passw0rd'] cfg = {'chpasswd': {'list': valid_pwds}} setpass.handle( 'IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[]) self.assertEqual([ mock.call(['pw', 'usermod', 'ubuntu', '-h', '0'], data='passw0rd', logstring="chpasswd for ubuntu"), mock.call(['pw', 'usermod', 'ubuntu', '-p', '01-Jan-1970'])], m_subp.call_args_list)
def test_handle_on_empty_config(self, m_subp): """handle logs that no password has changed when config is empty.""" cloud = self.tmp_cloud(distro="ubuntu") setpass.handle( "IGNORED", cfg={}, cloud=cloud, log=self.logger, args=[] ) self.assertEqual( "DEBUG: Leaving SSH config 'PasswordAuthentication' unchanged. " "ssh_pwauth=None\n", self.logs.getvalue(), ) self.assertEqual( [mock.call(["systemctl", "status", "ssh"], capture=True)], m_subp.call_args_list, )
def test_handle_on_chpasswd_list_creates_random_passwords( self, m_subp, m_is_freebsd): """handle parses command set random passwords.""" m_is_freebsd.return_value = False cloud = self.tmp_cloud(distro='ubuntu') valid_random_pwds = ['root:R', 'ubuntu:RANDOM'] cfg = {'chpasswd': {'expire': 'false', 'list': valid_random_pwds}} with mock.patch(MODPATH + 'util.subp') as m_subp: setpass.handle('IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[]) self.assertIn('DEBUG: Handling input for chpasswd as list.', self.logs.getvalue()) self.assertNotEqual( [mock.call(['chpasswd'], '\n'.join(valid_random_pwds) + '\n')], m_subp.call_args_list)
def test_bsd_calls_custom_pw_cmds_to_set_and_expire_passwords( self, m_subp, m_is_bsd ): """BSD don't use chpasswd""" m_is_bsd.return_value = True cloud = self.tmp_cloud(distro="freebsd") valid_pwds = ["ubuntu:passw0rd"] cfg = {"chpasswd": {"list": valid_pwds}} setpass.handle( "IGNORED", cfg=cfg, cloud=cloud, log=self.logger, args=[] ) self.assertEqual( [ mock.call( ["pw", "usermod", "ubuntu", "-h", "0"], data="passw0rd", logstring="chpasswd for ubuntu", ), mock.call(["pw", "usermod", "ubuntu", "-p", "01-Jan-1970"]), ], m_subp.call_args_list, )
def test_handle_on_chpasswd_list_parses_common_hashes(self, m_subp): """handle parses command password hashes.""" cloud = self.tmp_cloud(distro='ubuntu') valid_hashed_pwds = [ 'root:$2y$10$8BQjxjVByHA/Ee.O1bCXtO8S7Y5WojbXWqnqYpUW.BrPx/' 'Dlew1Va', 'ubuntu:$6$5hOurLPO$naywm3Ce0UlmZg9gG2Fl9acWCVEoakMMC7dR52q' 'SDexZbrN9z8yHxhUM2b.sxpguSwOlbOQSW/HpXazGGx3oo1'] cfg = {'chpasswd': {'list': valid_hashed_pwds}} with mock.patch(MODPATH + 'util.subp') as m_subp: setpass.handle( 'IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[]) self.assertIn( 'DEBUG: Handling input for chpasswd as list.', self.logs.getvalue()) self.assertIn( "DEBUG: Setting hashed password for ['root', 'ubuntu']", self.logs.getvalue()) self.assertEqual( [mock.call(['chpasswd', '-e'], '\n'.join(valid_hashed_pwds) + '\n')], m_subp.call_args_list)
def test_handle_on_chpasswd_list_parses_common_hashes(self, m_subp): """handle parses command password hashes.""" cloud = self.tmp_cloud(distro='ubuntu') valid_hashed_pwds = [ 'root:$2y$10$8BQjxjVByHA/Ee.O1bCXtO8S7Y5WojbXWqnqYpUW.BrPx/' 'Dlew1Va', 'ubuntu:$6$5hOurLPO$naywm3Ce0UlmZg9gG2Fl9acWCVEoakMMC7dR52q' 'SDexZbrN9z8yHxhUM2b.sxpguSwOlbOQSW/HpXazGGx3oo1'] cfg = {'chpasswd': {'list': valid_hashed_pwds}} with mock.patch(MODPATH + 'subp.subp') as m_subp: setpass.handle( 'IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[]) self.assertIn( 'DEBUG: Handling input for chpasswd as list.', self.logs.getvalue()) self.assertIn( "DEBUG: Setting hashed password for ['root', 'ubuntu']", self.logs.getvalue()) self.assertEqual( [mock.call(['chpasswd', '-e'], '\n'.join(valid_hashed_pwds) + '\n')], m_subp.call_args_list)