def test_perms_block_operate(self): ''' Test that non-root can't run the important functions. ''' oneoff = PuppetctlExecution(self.test_statefile) with mock.patch.object(PuppetctlExecution, '_allowed_to_run_command', return_value=False): with self.assertRaises(SystemExit) as fail_operate, \ mock.patch('sys.stdout', new=StringIO()): oneoff.operate() self.assertEqual(fail_operate.exception.code, 2)
class TestExecutionOperate(unittest.TestCase): ''' Class of tests about executing puppetctl operate commands. ''' def setUp(self): ''' Preparing test rig ''' self.test_statefile = '/tmp/exec-operate-statefile-mods.test.txt' self.pe_patcher = mock.patch.object(PuppetctlExecution, '_allowed_to_run_command', return_value=True) self.sf_patcher = mock.patch.object(PuppetctlStatefile, '_allowed_to_write_statefile', return_value=True) self.library = PuppetctlExecution(self.test_statefile) self.library.logging_tag = 'testingpuppetctl[{}]'.format( self.library.invoking_user) self.pe_patcher.start() self.sf_patcher.start() def tearDown(self): ''' Cleanup test rig ''' try: os.remove(self.test_statefile) except OSError: # pragma: no cover # we likely never created the file. pass self.pe_patcher.stop() self.sf_patcher.stop() def test_perms_block_operate(self): ''' Test that non-root can't run the important functions. ''' oneoff = PuppetctlExecution(self.test_statefile) with mock.patch.object(PuppetctlExecution, '_allowed_to_run_command', return_value=False): with self.assertRaises(SystemExit) as fail_operate, \ mock.patch('sys.stdout', new=StringIO()): oneoff.operate() self.assertEqual(fail_operate.exception.code, 2) def test_operate_nolocks(self): ''' Test that "operate" does nothing when there are no locks. ''' with mock.patch('sys.stdout', new=StringIO()) as fake_out: self.library.operate() self.assertIn("Puppet is already in 'operate' mode.", fake_out.getvalue()) def test_operate_not_our_locks_1(self): ''' Test that "operate" does nothing when we have no locks, but others disable. ''' now = int(time.time()) self.library.statefile_object.add_lock('somebody2', 'disable', now + 30 * 60, 'I disabled 1h') self.library.statefile_object.add_lock('somebody3', 'nooperate', now + 90 * 60, 'I nooped 2h') with mock.patch('sys.stdout', new=StringIO()) as fake_out: with mock.patch.object(PuppetctlExecution, 'lock_status') as mock_status: self.library.operate() self.assertIn("Puppet is already in 'operate' mode for ", fake_out.getvalue()) self.assertIn(", but other users have puppet disabled.", fake_out.getvalue()) mock_status.assert_called_once_with() def test_operate_not_our_locks_2(self): ''' Test that "operate" does nothing when we have no locks, but root does. ''' now = int(time.time()) self.library.statefile_object.add_lock('root', 'nooperate', now + 90 * 60, 'I nooped 2h') with mock.patch('sys.stdout', new=StringIO()) as fake_out: with mock.patch.object(PuppetctlExecution, 'lock_status') as mock_status: self.library.operate() self.assertIn("Puppet is already in 'operate' mode for ", fake_out.getvalue()) self.assertIn(", but root has puppet in noop mode.", fake_out.getvalue()) mock_status.assert_called_once_with() def test_operate_not_our_locks_3(self): ''' Test that "operate" does nothing when we have no locks, but others noop. ''' now = int(time.time()) self.library.statefile_object.add_lock('somebody3', 'nooperate', now + 90 * 60, 'I nooped 2h') with mock.patch('sys.stdout', new=StringIO()) as fake_out: with mock.patch.object(PuppetctlExecution, 'lock_status') as mock_status: self.library.operate() self.assertIn("Puppet is already in 'operate' mode for ", fake_out.getvalue()) self.assertIn(", but other users have puppet in noop mode.", fake_out.getvalue()) mock_status.assert_called_once_with() def test_operate_disable_mylock(self): ''' Test that "operate" assists, but doesn't operate, when there's a disable lock. ''' now = int(time.time()) self.library.statefile_object.add_lock(self.library.invoking_user, 'disable', now + 30 * 60, 'It is my lock') with mock.patch('sys.stdout', new=StringIO()) as fake_out: self.library.operate() self.assertIn('Puppet is disabled', fake_out.getvalue()) def test_operate_noop_mylock(self): ''' Test that "operate" wants to operate when it's my lock. ''' now = int(time.time()) self.library.statefile_object.add_lock(self.library.invoking_user, 'nooperate', now + 30 * 60, 'It is my lock') with mock.patch('sys.stdout', new=StringIO()) as fake_out: self.library.operate() self.assertIn("Puppet is back in 'operate' mode.", fake_out.getvalue()) def test_operate_fails_remove_noop(self): ''' Test that "operate" complains if it can't remove noop locks. ''' now = int(time.time()) self.library.statefile_object.add_lock(self.library.invoking_user, 'nooperate', now + 30 * 60, 'It is my lock') with mock.patch.object(PuppetctlStatefile, 'remove_lock', return_value=False), \ self.assertRaises(SystemExit) as lockfail, \ mock.patch('sys.stdout', new=StringIO()) as fake_out: self.library.operate() self.assertIn('Unable to remove', fake_out.getvalue()) self.assertEqual(lockfail.exception.code, 2)