def test_handle_remote_access_remove_and_add(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil",
return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_10_accounts.xml')
remote_access = RemoteAccess(data_str)
count = 0
for user in remote_access.user_list.users:
count += 1
user.name = "tstuser{0}".format(count)
expiration_date = datetime.utcnow() + timedelta(days=count)
user.expiration = expiration_date.strftime(
"%a, %d %b %Y %H:%M:%S ") + "UTC"
rah._remote_access = remote_access
rah._handle_remote_access()
users = rah._os_util.get_users()
self.assertEqual(10, len(users))
# now remove the user from RemoteAccess
new_user = "******"
deleted_user = rah._remote_access.user_list.users[3]
rah._remote_access.user_list.users[3].name = new_user
rah._handle_remote_access()
users = rah._os_util.get_users()
self.assertTrue(deleted_user not in users,
"{0} still in users".format(deleted_user))
self.assertTrue(new_user in [u[0] for u in users],
"user {0} not in users".format(new_user))
self.assertEqual(10, len(users))
def test_handle_remote_access_deleted_user_readded(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil",
return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_single_account.xml')
remote_access = RemoteAccess(data_str)
tstuser = remote_access.user_list.users[0].name
expiration_date = datetime.utcnow() + timedelta(days=1)
expiration = expiration_date.strftime(
"%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[0].expiration = expiration
rah._remote_access = remote_access
rah._handle_remote_access()
users = get_user_dictionary(rah._os_util.get_users())
self.assertTrue(tstuser in users,
"{0} missing from users".format(tstuser))
os_util = rah._os_util
os_util.__class__ = MockOSUtil
os_util.all_users.clear() # pylint: disable=no-member
# refresh users
users = get_user_dictionary(rah._os_util.get_users())
self.assertTrue(tstuser not in users)
rah._handle_remote_access()
# refresh users
users = get_user_dictionary(rah._os_util.get_users())
self.assertTrue(tstuser in users,
"{0} missing from users".format(tstuser))
def test_handle_remote_access_no_users(self):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_no_accounts.xml')
remote_access = RemoteAccess(data_str)
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertEqual(0, len(users.keys()))
def test_handle_remote_access_multiple_users_error_with_null_remote_access(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_10_accounts.xml')
remote_access = RemoteAccess(data_str)
count = 0
for user in remote_access.user_list.users:
count += 1
user.name = "tstuser{0}".format(count)
expiration_date = datetime.utcnow() + timedelta(days=count)
user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = rah._os_util.get_users() # pylint: disable=protected-access
self.assertEqual(10, len(users))
# now remove the user from RemoteAccess
rah._remote_access = None # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = rah._os_util.get_users() # pylint: disable=protected-access
self.assertEqual(0, len(users))
def test_do_not_add_expired_user(self):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_single_account.xml')
remote_access = RemoteAccess(data_str)
expiration = (datetime.utcnow() - timedelta(days=2)).strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[0].expiration = expiration
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertFalse("testAccount" in users)
def test_handle_remote_access_bad_data_and_good_data(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_10_accounts.xml')
remote_access = RemoteAccess(data_str)
count = 0
for user in remote_access.user_list.users:
count += 1
user.name = "tstuser{0}".format(count)
if count == 2:
user.name = ""
expiration_date = datetime.utcnow() + timedelta(days=count)
user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertEqual(9, len(users.keys()))
def test_handle_new_user(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_single_account.xml')
remote_access = RemoteAccess(data_str)
tstuser = remote_access.user_list.users[0].name
expiration_date = datetime.utcnow() + timedelta(days=1)
expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[0].expiration = expiration
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
actual_user = users[tstuser]
expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
self.assertEqual(actual_user[7], expected_expiration)
self.assertEqual(actual_user[4], "JIT_Account")
def test_handle_remote_access_multiple_users(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_two_accounts.xml')
remote_access = RemoteAccess(data_str)
testusers = []
count = 0
while count < 2:
user = remote_access.user_list.users[count].name
expiration_date = datetime.utcnow() + timedelta(days=count + 1)
expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[count].expiration = expiration
testusers.append(user)
count += 1
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertTrue(testusers[0] in users, "{0} missing from users".format(testusers[0]))
self.assertTrue(testusers[1] in users, "{0} missing from users".format(testusers[1]))
