def test_execute_plan_to_create_user_with_invalid_sudoers_entry(): """ Create a new user but specify an invalid sudoers entry """ delete_test_user_and_group() raw_public_key_2 = PUBLIC_KEYS[1].get('raw') public_key_2 = PublicKey(raw=raw_public_key_2) current_users = Users.from_passwd() provided_users = Users() provided_users.append( User(name='testuserx1234', uid=59998, gid=1, gecos='test user gecos update', shell='/bin/false', public_keys=[public_key_2], sudoers_entry='INVALID ALL=(ALL:ALL) ALL')) plan = create_plan(existing_users=current_users, proposed_users=provided_users, manage_home=False, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) assert plan[0]['proposed_user'].gecos == '\"test user gecos update\"' with pytest.raises(ValueError): execute_plan(plan=plan) delete_test_user_and_group()
def test_execute_plan_to_create_new_user_with_clashing_uid(): """ Create a new user and then attempt to create another user with existing id """ delete_test_user_and_group() current_users = Users.from_passwd() provided_users = Users() provided_users.append( User(name='testuserx1234', uid=59999, gecos='test user gecos')) plan = create_plan(existing_users=current_users, proposed_users=provided_users, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) assert plan[0]['action'] == 'add' assert plan[0]['proposed_user'].name == "testuserx1234" assert plan[0]['proposed_user'].uid == 59999 assert plan[0]['proposed_user'].gecos == '\"test user gecos\"' execute_plan(plan=plan) current_users = Users.from_passwd() provided_users = Users() provided_users.append( User(name='testuserx12345', uid=59999, gecos='test user gecos')) plan = create_plan(existing_users=current_users, proposed_users=provided_users, purge_undefined=True, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) assert plan[0]['error'] == 'uid_clash' execute_plan(plan=plan) delete_test_user_and_group()
def test_update_existing_user(): delete_test_user_and_group() create_test_user() current_users = Users.from_passwd() provided_users = Users() raw_public_key = PUBLIC_KEYS[0].get('raw') public_key = PublicKey(raw=raw_public_key) provided_users.append( User(name='testuserx1234', uid=59999, gecos='test user gecos update', home_dir='/tmp/temp', public_keys=[public_key])) plan = create_plan(existing_users=current_users, proposed_users=provided_users, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) assert plan[0]['action'] == 'update' execute_plan(plan) current_users = Users.from_passwd() new_user = current_users.describe_users(users_filter=dict( name='testuserx1234')) assert new_user[0].public_keys[0].raw == raw_public_key delete_test_user_and_group()
def test_execute_plan_to_create_user_with_downloaded_yaml(): """ Create a new user from downloaded YAML file """ delete_test_user_and_group() session = Session() s3_client = session.client('s3') test_user_1 = open( os.path.join(os.path.dirname(__file__), 'test_user_1.yml')).read() s3_client.create_bucket(Bucket='test') s3_client.put_object(Bucket='test', Key='test.yml', Body=test_user_1) response = s3_client.get_object(Bucket='test', Key='test.yml') contents = response['Body'].read() yaml_content = yaml.load(contents) current_users = Users.from_passwd() provided_users = Users.from_dict(yaml_content) plan = create_plan(existing_users=current_users, proposed_users=provided_users, manage_home=False, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) execute_plan(plan=plan) updated_users = Users.from_passwd() updated_user = updated_users.describe_users(users_filter=dict( name='dummy')) assert len(updated_user) == 1 assert updated_user[0].name == 'dummy' assert updated_user[0].gecos == '\"dummy (user) test\"' assert not updated_user[0].public_keys assert updated_user[0].sudoers_entry == 'ALL=(ALL:ALL) ALL' delete_test_user_and_group()
def test_create_and_execute_plan_to_create_new_user_with_sudo_all(): """ Test creation of a user instance with sudo all and then write """ delete_test_user_and_group() create_test_group() current_users = Users.from_passwd() provided_users = Users() public_keys = [PublicKey(b64encoded=PUBLIC_KEYS[0]['encoded'])] provided_users.append( User(name='testuserx1234', home_dir='/home/testuserx1234', shell='/bin/false', gid=59999, uid=59999, gecos='test user gecos', public_keys=public_keys, sudoers_entry='ALL=(ALL)\tNOPASSWD:ALL')) plan = create_plan(existing_users=current_users, proposed_users=provided_users, purge_undefined=True, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'vagrant', CURRENT_USER ]) assert plan[0]['state'] == 'missing' assert plan[0]['proposed_user'].name == "testuserx1234" assert plan[0]['proposed_user'].home_dir == "/home/testuserx1234" assert plan[0]['proposed_user'].uid == 59999 assert plan[0]['proposed_user'].gid == 59999 assert plan[0]['proposed_user'].gecos == '\"test user gecos\"' assert plan[0]['proposed_user'].shell == '/bin/false' assert plan[0]['proposed_user'].sudoers_entry == 'ALL=(ALL)\tNOPASSWD:ALL' assert type(plan[0]['proposed_user'].public_keys[0].raw) == text_type assert plan[0]['proposed_user'].public_keys[0].raw == text_type( PUBLIC_KEYS[0]['raw']) execute_plan(plan=plan) current_users = Users.from_passwd() created_user = current_users.describe_users(users_filter=dict( name='testuserx1234')) assert created_user[0].sudoers_entry == 'ALL=(ALL)\tNOPASSWD:ALL' plan = create_plan(existing_users=current_users, proposed_users=provided_users, purge_undefined=True, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'vagrant', CURRENT_USER ]) assert not plan
def test_execute_plan_to_delete_user_ignoring_home(): """ Delete a user and ensure their home dir is untouched """ delete_test_user_and_group() pre_users = Users.from_passwd() create_test_user() plan = create_plan(existing_users=Users.from_passwd(), proposed_users=pre_users, purge_undefined=True, manage_home=False, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) execute_plan(plan=plan) updated_users = Users.from_passwd() updated_user = updated_users.describe_users(users_filter=dict( name='testuserx1234')) assert len(updated_user) == 0 assert os.path.exists('/home/testuserx1234') delete_test_user_and_group()
def test_execute_plan_to_update_existing_user(): """ Create a new user and then attempt to create another user with existing id """ delete_test_user_and_group() create_test_user() raw_public_key_2 = PUBLIC_KEYS[1].get('raw') public_key_2 = PublicKey(raw=raw_public_key_2) current_users = Users.from_passwd() provided_users = Users() provided_users.append( User(name='testuserx1234', uid=59998, gid=1, gecos='test user gecos update', shell='/bin/false', public_keys=[public_key_2], sudoers_entry='ALL=(ALL:ALL) ALL')) plan = create_plan(existing_users=current_users, proposed_users=provided_users, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) assert plan[0]['proposed_user'].gecos == '\"test user gecos update\"' execute_plan(plan=plan) updated_users = Users.from_passwd() updated_user = updated_users.describe_users(users_filter=dict( name='testuserx1234')) assert len(updated_user) == 1 assert updated_user[0].name == 'testuserx1234' assert updated_user[0].uid == 59998 assert updated_user[0].gid == 1 assert updated_user[0].gecos == '\"test user gecos update\"' assert updated_user[0].shell == '/bin/false' assert updated_user[0].public_keys[0].raw == text_type( PUBLIC_KEYS[1]['raw']) assert updated_user[0].sudoers_entry == 'ALL=(ALL:ALL) ALL' delete_test_user_and_group()
def test_create_and_execute_plan_to_create_identical_user(): delete_test_user_and_group() create_test_user() current_users = Users.from_passwd() provided_users = Users() provided_users.append( User(name='testuserx1234', uid=59999, gecos='test user gecos')) plan = create_plan(existing_users=current_users, proposed_users=provided_users, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) execute_plan(plan=plan) current_users = Users.from_passwd() plan = create_plan(existing_users=current_users, proposed_users=provided_users, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) assert not plan delete_test_user_and_group()
def test_execute_plan_to_update_existing_user_with_multiple_keys(): """ Create a new user with 2 keys and then replace with a new one """ create_test_user() raw_public_key_1 = PUBLIC_KEYS[0].get('raw') public_key_1 = PublicKey(raw=raw_public_key_1) raw_public_key_2 = PUBLIC_KEYS[1].get('raw') public_key_2 = PublicKey(raw=raw_public_key_2) raw_public_key_3 = PUBLIC_KEYS[2].get('raw') public_key_3 = PublicKey(raw=raw_public_key_3) raw_public_key_4 = PUBLIC_KEYS[3].get('raw') public_key_4 = PublicKey(raw=raw_public_key_4) current_users = Users.from_passwd() provided_users_2 = Users() provided_users_2.append( User(name='testuserx1234', uid=59998, gid=1, gecos='test user gecos update', shell='/bin/false', public_keys=[public_key_1, public_key_2])) plan = create_plan(existing_users=current_users, proposed_users=provided_users_2, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) execute_plan(plan=plan) updated_users = Users.from_passwd() updated_user = updated_users.describe_users(users_filter=dict( name='testuserx1234')) assert updated_user[0].public_keys[0].raw == text_type( PUBLIC_KEYS[0]['raw']) assert updated_user[0].public_keys[1].raw == text_type( PUBLIC_KEYS[1]['raw']) # Replace both keys current_users = Users.from_passwd() provided_users_3 = Users() provided_users_3.append( User(name='testuserx1234', uid=59998, gid=1, gecos='test user gecos update', shell='/bin/false', public_keys=[public_key_3, public_key_4])) plan = create_plan(existing_users=current_users, proposed_users=provided_users_3, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) execute_plan(plan=plan) updated_users = Users.from_passwd() updated_user = updated_users.describe_users(users_filter=dict( name='testuserx1234')) assert updated_user[0].public_keys[0].raw == text_type( PUBLIC_KEYS[2]['raw']) assert updated_user[0].public_keys[1].raw == text_type( PUBLIC_KEYS[3]['raw']) # Replace one key current_users = Users.from_passwd() provided_users_4 = Users() provided_users_4.append( User(name='testuserx1234', uid=59998, gid=1, gecos='test user gecos update', shell='/bin/false', public_keys=[public_key_2, public_key_4])) plan = create_plan(existing_users=current_users, proposed_users=provided_users_4, protected_users=[ 'travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER ]) execute_plan(plan=plan) updated_users = Users.from_passwd() updated_user = updated_users.describe_users(users_filter=dict( name='testuserx1234')) assert updated_user[0].public_keys[0].raw == text_type( PUBLIC_KEYS[1]['raw']) assert updated_user[0].public_keys[1].raw == text_type( PUBLIC_KEYS[3]['raw']) delete_test_user_and_group()