Esempio n. 1
0
 def setUp(self):
     super(UserRoleTest, self).setUp()
     self.role = UserRole(None, {})
Esempio n. 2
0
class UserRoleTest(ProvyTestCase):
    def setUp(self):
        super(UserRoleTest, self).setUp()
        self.role = UserRole(None, {})

    @istest
    def checks_that_a_group_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertTrue(self.role.group_exists('daemon'))
            execute.assert_called_with("cat /etc/group | cut -d ':' -f 1", stdout=False, sudo=True)

    @istest
    def checks_that_a_group_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('iis'))

    @istest
    def checks_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('roo'))
            self.assertFalse(self.role.group_exists('roots'))

    @istest
    def checks_that_a_user_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertTrue(self.role.user_exists('daemon'))
            execute.assert_called_with("cat /etc/passwd | cut -d ':' -f 1", stdout=False, sudo=True)

    @istest
    def checks_that_a_user_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('iis'))

    @istest
    def checks_user_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('roo'))
            self.assertFalse(self.role.user_exists('roots'))

    @istest
    def checks_that_a_user_is_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertTrue(self.role.user_in_group('foo', 'sudo'))
            execute.assert_called_with("groups foo", stdout=False, sudo=True)

    @istest
    def checks_that_a_user_is_not_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'root'))

    @istest
    def checks_that_a_user_is_in_a_certain_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'sud'))
            self.assertFalse(self.role.user_in_group('foo', 'sudoer'))

    @istest
    def cannot_check_user_in_groups_if_username_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = 'groups: foo: User unexistant'

            self.assertRaises(ValueError, self.role.user_in_group, 'foo', 'bar')

    @istest
    def ensures_a_group_is_created(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = False

            self.role.ensure_group('foo')

            self.role.group_exists.assert_called_once_with('foo')
            self.role.execute.assert_called_once_with('groupadd foo', sudo=True, stdout=False)

    @istest
    def ensures_a_group_is_created_with_group_id(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = False

            self.role.ensure_group('foo', group_id=123)

            self.role.group_exists.assert_called_once_with('foo')
            self.role.execute.assert_called_once_with('groupadd --gid 123 foo', sudo=True, stdout=False)

    @istest
    def doesnt_create_group_if_it_already_exists(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = True

            self.role.ensure_group('foo')

            self.assertFalse(self.role.execute.called)

    @istest
    def ensures_the_user_enters_the_provided_groups_when_not_there_already(self):
        with self.mock_role_methods('user_in_group', 'execute'):
            self.role.user_in_group.side_effect = [True, False]

            self.role.ensure_user_groups('foo', ['bar', 'baz'])

            self.assertEqual(self.role.user_in_group.mock_calls, [
                call('foo', 'bar'),
                call('foo', 'baz'),
            ])
            self.role.execute.assert_called_once_with('usermod -G baz foo', sudo=True, stdout=False)

    @istest
    def ensures_user_is_created_when_not_created_yet(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute'):
            self.role.user_exists.return_value = False

            self.role.ensure_user(username='******', identified_by='foo-pass', groups=['foo-group', 'bar-group'])

            self.assertEqual(self.role.ensure_group.mock_calls, [
                call('foo-group'),
                call('bar-group'),
            ])
            self.assertEqual(self.role.execute.mock_calls, [
                call('useradd -g foo-group -s /bin/bash -p foo-pass -d /home/foo-user -m foo-user', stdout=False, sudo=True),
                call('echo "foo-user:foo-pass" | chpasswd', stdout=False, sudo=True),
            ])
            self.role.ensure_user_groups.assert_called_once_with('foo-user', ['foo-group', 'bar-group'])

    @istest
    def ensures_user_is_created_with_irrelevant_password(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute'):
            self.role.user_exists.return_value = False

            self.role.ensure_user(username='******', groups=['foo-group', 'bar-group'])

            self.assertEqual(self.role.execute.mock_calls, [
                call('useradd -g foo-group -s /bin/bash -p none -d /home/foo-user -m foo-user', stdout=False, sudo=True),
            ])

    @istest
    def ensures_user_is_created_with_only_group_as_username(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute'):
            self.role.user_exists.return_value = False

            self.role.ensure_user(username='******')

            self.assertEqual(self.role.execute.mock_calls, [
                call('useradd -g foo-user -s /bin/bash -p none -d /home/foo-user -m foo-user', stdout=False, sudo=True),
            ])

    @istest
    def ensures_user_is_created_with_different_home(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute'):
            self.role.user_exists.return_value = False

            self.role.ensure_user(username='******', home_folder='/srv/bar')

            self.assertEqual(self.role.execute.mock_calls, [
                call('useradd -g foo-user -s /bin/bash -p none -d /srv/bar -m foo-user', stdout=False, sudo=True),
            ])

    @istest
    def doesnt_add_but_set_user_as_admin_when_it_already_exists_but_is_not_admin_yet(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'user_in_group', 'execute'):
            self.role.user_exists.return_value = True
            self.role.user_in_group.return_value = False

            self.role.ensure_user(username='******', is_admin=True)

            self.role.user_in_group.assert_called_once_with('foo-user', 'wheel')
            self.assertEqual(self.role.execute.mock_calls, [
                call('usermod -G wheel foo-user', sudo=True, stdout=False),
            ])

    @istest
    def just_add_user_to_groups_if_its_already_admin(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'user_in_group', 'execute'):
            self.role.user_exists.return_value = True
            self.role.user_in_group.return_value = True

            self.role.ensure_user(username='******', is_admin=True, groups=['foo-group', 'bar-group'])

            self.assertFalse(self.role.execute.called)
            self.role.ensure_user_groups.assert_called_once_with('foo-user', ['foo-group', 'bar-group'])