Exemple #1
0
def test_execute_plan_to_create_user_with_invalid_sudoers_entry():
    """ Create a new user but specify an invalid sudoers entry """
    delete_test_user_and_group()
    raw_public_key_2 = PUBLIC_KEYS[1].get('raw')
    public_key_2 = PublicKey(raw=raw_public_key_2)
    current_users = Users.from_passwd()
    provided_users = Users()
    provided_users.append(
        User(name='testuserx1234',
             uid=59998,
             gid=1,
             gecos='test user gecos update',
             shell='/bin/false',
             public_keys=[public_key_2],
             sudoers_entry='INVALID ALL=(ALL:ALL) ALL'))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       manage_home=False,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    assert plan[0]['proposed_user'].gecos == '\"test user gecos update\"'
    with pytest.raises(ValueError):
        execute_plan(plan=plan)
    delete_test_user_and_group()
Exemple #2
0
def test_execute_plan_to_create_new_user_with_clashing_uid():
    """ Create a new user and then attempt to create another user with existing id """
    delete_test_user_and_group()
    current_users = Users.from_passwd()
    provided_users = Users()
    provided_users.append(
        User(name='testuserx1234', uid=59999, gecos='test user gecos'))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    assert plan[0]['action'] == 'add'
    assert plan[0]['proposed_user'].name == "testuserx1234"
    assert plan[0]['proposed_user'].uid == 59999
    assert plan[0]['proposed_user'].gecos == '\"test user gecos\"'
    execute_plan(plan=plan)
    current_users = Users.from_passwd()
    provided_users = Users()
    provided_users.append(
        User(name='testuserx12345', uid=59999, gecos='test user gecos'))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       purge_undefined=True,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    assert plan[0]['error'] == 'uid_clash'
    execute_plan(plan=plan)
    delete_test_user_and_group()
Exemple #3
0
def test_update_existing_user():
    delete_test_user_and_group()
    create_test_user()
    current_users = Users.from_passwd()
    provided_users = Users()
    raw_public_key = PUBLIC_KEYS[0].get('raw')
    public_key = PublicKey(raw=raw_public_key)
    provided_users.append(
        User(name='testuserx1234',
             uid=59999,
             gecos='test user gecos update',
             home_dir='/tmp/temp',
             public_keys=[public_key]))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    assert plan[0]['action'] == 'update'
    execute_plan(plan)
    current_users = Users.from_passwd()
    new_user = current_users.describe_users(users_filter=dict(
        name='testuserx1234'))
    assert new_user[0].public_keys[0].raw == raw_public_key
    delete_test_user_and_group()
Exemple #4
0
def test_execute_plan_to_create_user_with_downloaded_yaml():
    """ Create a new user from downloaded YAML file """
    delete_test_user_and_group()
    session = Session()
    s3_client = session.client('s3')
    test_user_1 = open(
        os.path.join(os.path.dirname(__file__), 'test_user_1.yml')).read()
    s3_client.create_bucket(Bucket='test')
    s3_client.put_object(Bucket='test', Key='test.yml', Body=test_user_1)
    response = s3_client.get_object(Bucket='test', Key='test.yml')
    contents = response['Body'].read()
    yaml_content = yaml.load(contents)
    current_users = Users.from_passwd()
    provided_users = Users.from_dict(yaml_content)
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       manage_home=False,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    execute_plan(plan=plan)
    updated_users = Users.from_passwd()
    updated_user = updated_users.describe_users(users_filter=dict(
        name='dummy'))
    assert len(updated_user) == 1
    assert updated_user[0].name == 'dummy'
    assert updated_user[0].gecos == '\"dummy (user) test\"'
    assert not updated_user[0].public_keys
    assert updated_user[0].sudoers_entry == 'ALL=(ALL:ALL) ALL'
    delete_test_user_and_group()
Exemple #5
0
def test_create_and_execute_plan_to_create_new_user_with_sudo_all():
    """ Test creation of a user instance with sudo all and then write """
    delete_test_user_and_group()
    create_test_group()
    current_users = Users.from_passwd()
    provided_users = Users()

    public_keys = [PublicKey(b64encoded=PUBLIC_KEYS[0]['encoded'])]
    provided_users.append(
        User(name='testuserx1234',
             home_dir='/home/testuserx1234',
             shell='/bin/false',
             gid=59999,
             uid=59999,
             gecos='test user gecos',
             public_keys=public_keys,
             sudoers_entry='ALL=(ALL)\tNOPASSWD:ALL'))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       purge_undefined=True,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'vagrant',
                           CURRENT_USER
                       ])
    assert plan[0]['state'] == 'missing'
    assert plan[0]['proposed_user'].name == "testuserx1234"
    assert plan[0]['proposed_user'].home_dir == "/home/testuserx1234"
    assert plan[0]['proposed_user'].uid == 59999
    assert plan[0]['proposed_user'].gid == 59999
    assert plan[0]['proposed_user'].gecos == '\"test user gecos\"'
    assert plan[0]['proposed_user'].shell == '/bin/false'
    assert plan[0]['proposed_user'].sudoers_entry == 'ALL=(ALL)\tNOPASSWD:ALL'
    assert type(plan[0]['proposed_user'].public_keys[0].raw) == text_type
    assert plan[0]['proposed_user'].public_keys[0].raw == text_type(
        PUBLIC_KEYS[0]['raw'])
    execute_plan(plan=plan)
    current_users = Users.from_passwd()
    created_user = current_users.describe_users(users_filter=dict(
        name='testuserx1234'))
    assert created_user[0].sudoers_entry == 'ALL=(ALL)\tNOPASSWD:ALL'
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       purge_undefined=True,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'vagrant',
                           CURRENT_USER
                       ])
    assert not plan
Exemple #6
0
def test_execute_plan_to_delete_user_ignoring_home():
    """ Delete a user and ensure their home dir is untouched """

    delete_test_user_and_group()
    pre_users = Users.from_passwd()
    create_test_user()
    plan = create_plan(existing_users=Users.from_passwd(),
                       proposed_users=pre_users,
                       purge_undefined=True,
                       manage_home=False,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    execute_plan(plan=plan)
    updated_users = Users.from_passwd()
    updated_user = updated_users.describe_users(users_filter=dict(
        name='testuserx1234'))
    assert len(updated_user) == 0
    assert os.path.exists('/home/testuserx1234')
    delete_test_user_and_group()
Exemple #7
0
def test_execute_plan_to_update_existing_user():
    """ Create a new user and then attempt to create another user with existing id """

    delete_test_user_and_group()
    create_test_user()
    raw_public_key_2 = PUBLIC_KEYS[1].get('raw')
    public_key_2 = PublicKey(raw=raw_public_key_2)
    current_users = Users.from_passwd()
    provided_users = Users()
    provided_users.append(
        User(name='testuserx1234',
             uid=59998,
             gid=1,
             gecos='test user gecos update',
             shell='/bin/false',
             public_keys=[public_key_2],
             sudoers_entry='ALL=(ALL:ALL) ALL'))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    assert plan[0]['proposed_user'].gecos == '\"test user gecos update\"'
    execute_plan(plan=plan)
    updated_users = Users.from_passwd()
    updated_user = updated_users.describe_users(users_filter=dict(
        name='testuserx1234'))
    assert len(updated_user) == 1
    assert updated_user[0].name == 'testuserx1234'
    assert updated_user[0].uid == 59998
    assert updated_user[0].gid == 1
    assert updated_user[0].gecos == '\"test user gecos update\"'
    assert updated_user[0].shell == '/bin/false'
    assert updated_user[0].public_keys[0].raw == text_type(
        PUBLIC_KEYS[1]['raw'])
    assert updated_user[0].sudoers_entry == 'ALL=(ALL:ALL) ALL'
    delete_test_user_and_group()
Exemple #8
0
def test_create_and_execute_plan_to_create_identical_user():
    delete_test_user_and_group()
    create_test_user()
    current_users = Users.from_passwd()
    provided_users = Users()
    provided_users.append(
        User(name='testuserx1234', uid=59999, gecos='test user gecos'))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    execute_plan(plan=plan)
    current_users = Users.from_passwd()
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    assert not plan
    delete_test_user_and_group()
Exemple #9
0
def test_execute_plan_to_update_existing_user_with_multiple_keys():
    """ Create a new user with 2 keys and then replace with a new one """
    create_test_user()
    raw_public_key_1 = PUBLIC_KEYS[0].get('raw')
    public_key_1 = PublicKey(raw=raw_public_key_1)
    raw_public_key_2 = PUBLIC_KEYS[1].get('raw')
    public_key_2 = PublicKey(raw=raw_public_key_2)
    raw_public_key_3 = PUBLIC_KEYS[2].get('raw')
    public_key_3 = PublicKey(raw=raw_public_key_3)
    raw_public_key_4 = PUBLIC_KEYS[3].get('raw')
    public_key_4 = PublicKey(raw=raw_public_key_4)
    current_users = Users.from_passwd()
    provided_users_2 = Users()
    provided_users_2.append(
        User(name='testuserx1234',
             uid=59998,
             gid=1,
             gecos='test user gecos update',
             shell='/bin/false',
             public_keys=[public_key_1, public_key_2]))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users_2,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    execute_plan(plan=plan)
    updated_users = Users.from_passwd()
    updated_user = updated_users.describe_users(users_filter=dict(
        name='testuserx1234'))
    assert updated_user[0].public_keys[0].raw == text_type(
        PUBLIC_KEYS[0]['raw'])
    assert updated_user[0].public_keys[1].raw == text_type(
        PUBLIC_KEYS[1]['raw'])
    # Replace both keys
    current_users = Users.from_passwd()
    provided_users_3 = Users()
    provided_users_3.append(
        User(name='testuserx1234',
             uid=59998,
             gid=1,
             gecos='test user gecos update',
             shell='/bin/false',
             public_keys=[public_key_3, public_key_4]))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users_3,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    execute_plan(plan=plan)
    updated_users = Users.from_passwd()
    updated_user = updated_users.describe_users(users_filter=dict(
        name='testuserx1234'))
    assert updated_user[0].public_keys[0].raw == text_type(
        PUBLIC_KEYS[2]['raw'])
    assert updated_user[0].public_keys[1].raw == text_type(
        PUBLIC_KEYS[3]['raw'])
    # Replace one key
    current_users = Users.from_passwd()
    provided_users_4 = Users()
    provided_users_4.append(
        User(name='testuserx1234',
             uid=59998,
             gid=1,
             gecos='test user gecos update',
             shell='/bin/false',
             public_keys=[public_key_2, public_key_4]))
    plan = create_plan(existing_users=current_users,
                       proposed_users=provided_users_4,
                       protected_users=[
                           'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj',
                           'vagrant', CURRENT_USER
                       ])
    execute_plan(plan=plan)
    updated_users = Users.from_passwd()
    updated_user = updated_users.describe_users(users_filter=dict(
        name='testuserx1234'))
    assert updated_user[0].public_keys[0].raw == text_type(
        PUBLIC_KEYS[1]['raw'])
    assert updated_user[0].public_keys[1].raw == text_type(
        PUBLIC_KEYS[3]['raw'])
    delete_test_user_and_group()