コード例 #1
0
ファイル: test_user.py プロジェクト: finder/provy
class UserRoleTest(ProvyTestCase):
    def setUp(self):
        super(UserRoleTest, self).setUp()
        self.role = UserRole(None, {})

    @istest
    def checks_that_a_group_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertTrue(self.role.group_exists('daemon'))
            execute.assert_called_with("cat /etc/group | cut -d ':' -f 1", stdout=False, sudo=True)

    @istest
    def checks_that_a_group_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('iis'))

    @istest
    def checks_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('roo'))
            self.assertFalse(self.role.group_exists('roots'))

    @istest
    def checks_that_a_user_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertTrue(self.role.user_exists('daemon'))
            execute.assert_called_with("cat /etc/passwd | cut -d ':' -f 1", stdout=False, sudo=True)

    @istest
    def checks_that_a_user_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('iis'))

    @istest
    def checks_user_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('roo'))
            self.assertFalse(self.role.user_exists('roots'))

    @istest
    def checks_that_a_user_is_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertTrue(self.role.user_in_group('foo', 'sudo'))
            execute.assert_called_with("groups foo", stdout=False, sudo=True)

    @istest
    def checks_that_a_user_is_not_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'root'))

    @istest
    def checks_that_a_user_is_in_a_certain_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'sud'))
            self.assertFalse(self.role.user_in_group('foo', 'sudoer'))

    @istest
    def cannot_check_user_in_groups_if_username_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = 'groups: foo: User unexistant'

            self.assertRaises(ValueError, self.role.user_in_group, 'foo', 'bar')

    @istest
    def ensures_a_group_is_created(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = False

            self.role.ensure_group('foo')

            self.role.group_exists.assert_called_once_with('foo')
            self.role.execute.assert_called_once_with('groupadd foo', sudo=True, stdout=False)

    @istest
    def doesnt_create_group_if_it_already_exists(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = True

            self.role.ensure_group('foo')

            self.assertFalse(self.role.execute.called)

    @istest
    def ensures_the_user_enters_the_provided_groups_when_not_there_already(self):
        with self.mock_role_methods('user_in_group', 'execute'):
            self.role.user_in_group.side_effect = [True, False]

            self.role.ensure_user_groups('foo', ['bar', 'baz'])

            self.assertEqual(self.role.user_in_group.mock_calls, [
                call('foo', 'bar'),
                call('foo', 'baz'),
            ])
            self.role.execute.assert_called_once_with('usermod -G baz foo', sudo=True, stdout=False)

    @istest
    def ensures_user_is_created_when_not_created_yet(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******', identified_by='foo-pass', groups=['foo-group', 'bar-group'])

                self.assertEqual(self.role.ensure_group.mock_calls, [
                    call('foo-group'),
                    call('bar-group'),
                ])
                self.assertEqual(self.role.execute.mock_calls, [
                    call('useradd -g foo-group -s /bin/bash -p foo-pass -d /home/foo-user -m foo-user', stdout=False, sudo=True),
                    call('echo "foo-user:foo-pass" | chpasswd', stdout=False, sudo=True),
                ])
                self.role.ensure_user_groups.assert_called_once_with('foo-user', ['foo-group', 'bar-group'])

    @istest
    def ensures_user_is_created_with_irrelevant_password(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******', groups=['foo-group', 'bar-group'])

                self.assertEqual(self.role.execute.mock_calls, [
                    call('useradd -g foo-group -s /bin/bash -p none -d /home/foo-user -m foo-user', stdout=False, sudo=True),
                ])

    @istest
    def ensures_user_is_created_with_only_group_as_username(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******')

                self.assertEqual(self.role.execute.mock_calls, [
                    call('useradd -g foo-user -s /bin/bash -p none -d /home/foo-user -m foo-user', stdout=False, sudo=True),
                ])

    @istest
    def ensures_user_is_created_with_different_home(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******', home_folder='/srv/bar')

                self.assertEqual(self.role.execute.mock_calls, [
                    call('useradd -g foo-user -s /bin/bash -p none -d /srv/bar -m foo-user', stdout=False, sudo=True),
                ])

    @istest
    def doesnt_add_but_set_user_as_admin_for_debian_when_it_already_exists_but_is_not_admin_yet(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'user_in_group', 'execute'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = True
                self.role.user_in_group.return_value = False

                self.role.ensure_user(username='******', is_admin=True)

                self.role.user_in_group.assert_called_once_with('foo-user', 'admin')
                self.assertEqual(self.role.execute.mock_calls, [
                    call('usermod -G admin foo-user', sudo=True, stdout=False),
                ])

    @istest
    def doesnt_add_but_set_user_as_admin_for_ubuntu_when_it_already_exists_but_is_not_admin_yet(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'user_in_group', 'execute'):
            with self.provisioning_to('ubuntu'):
                self.role.user_exists.return_value = True
                self.role.user_in_group.return_value = False

                self.role.ensure_user(username='******', is_admin=True)

                self.role.user_in_group.assert_called_once_with('foo-user', 'sudo')
                self.assertEqual(self.role.execute.mock_calls, [
                    call('usermod -G sudo foo-user', sudo=True, stdout=False),
                ])
コード例 #2
0
ファイル: test_user.py プロジェクト: finder/provy
 def setUp(self):
     super(UserRoleTest, self).setUp()
     self.role = UserRole(None, {})
コード例 #3
0
ファイル: test_user.py プロジェクト: fernandogrd/provy
 def setUp(self):
     self.role = UserRole(None, {})
コード例 #4
0
ファイル: test_user.py プロジェクト: fernandogrd/provy
class UserRoleTest(ProvyTestCase):
    def setUp(self):
        self.role = UserRole(None, {})

    @istest
    def checks_that_a_group_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertTrue(self.role.group_exists('daemon'))
            execute.assert_called_with("cat /etc/group | cut -d ':' -f 1", stdout=False, sudo=True)

    @istest
    def checks_that_a_group_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('iis'))

    @istest
    def checks_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('roo'))
            self.assertFalse(self.role.group_exists('roots'))

    @istest
    def checks_that_a_user_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertTrue(self.role.user_exists('daemon'))
            execute.assert_called_with("cat /etc/passwd | cut -d ':' -f 1", stdout=False, sudo=True)

    @istest
    def checks_that_a_user_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('iis'))

    @istest
    def checks_user_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('roo'))
            self.assertFalse(self.role.user_exists('roots'))

    @istest
    def checks_that_a_user_is_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertTrue(self.role.user_in_group('foo', 'sudo'))
            execute.assert_called_with("groups foo", stdout=False, sudo=True)

    @istest
    def checks_that_a_user_is_not_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'root'))

    @istest
    def checks_that_a_user_is_in_a_certain_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'sud'))
            self.assertFalse(self.role.user_in_group('foo', 'sudoer'))

    @istest
    def cannot_check_user_in_groups_if_username_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = 'groups: foo: User unexistant'

            self.assertRaises(ValueError, self.role.user_in_group, 'foo', 'bar')
コード例 #5
0
ファイル: test_user.py プロジェクト: ashton/provy
class UserRoleTest(ProvyTestCase):
    def setUp(self):
        super(UserRoleTest, self).setUp()
        self.role = UserRole(None, {})

    @istest
    def checks_that_a_group_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertTrue(self.role.group_exists('daemon'))
            execute.assert_called_with("cat /etc/group | cut -d ':' -f 1", stdout=False, sudo=True)

    @istest
    def checks_that_a_group_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('iis'))

    @istest
    def checks_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('roo'))
            self.assertFalse(self.role.group_exists('roots'))

    @istest
    def checks_that_a_user_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertTrue(self.role.user_exists('daemon'))
            execute.assert_called_with("cat /etc/passwd | cut -d ':' -f 1", stdout=False, sudo=True)

    @istest
    def checks_that_a_user_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('iis'))

    @istest
    def checks_user_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('roo'))
            self.assertFalse(self.role.user_exists('roots'))

    @istest
    def checks_that_a_user_is_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertTrue(self.role.user_in_group('foo', 'sudo'))
            execute.assert_called_with("groups foo", stdout=False, sudo=True)

    @istest
    def checks_that_a_user_is_not_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'root'))

    @istest
    def checks_that_a_user_is_in_a_certain_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'sud'))
            self.assertFalse(self.role.user_in_group('foo', 'sudoer'))

    @istest
    def cannot_check_user_in_groups_if_username_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = 'groups: foo: User unexistant'

            self.assertRaises(ValueError, self.role.user_in_group, 'foo', 'bar')

    @istest
    def ensures_a_group_is_created(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = False

            self.role.ensure_group('foo')

            self.role.group_exists.assert_called_once_with('foo')
            self.role.execute.assert_called_once_with('groupadd foo', sudo=True, stdout=False)

    @istest
    def ensures_a_group_is_created_with_group_id(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = False

            self.role.ensure_group('foo', group_id=123)

            self.role.group_exists.assert_called_once_with('foo')
            self.role.execute.assert_called_once_with('groupadd --gid 123 foo', sudo=True, stdout=False)

    @istest
    def doesnt_create_group_if_it_already_exists(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = True

            self.role.ensure_group('foo')

            self.assertFalse(self.role.execute.called)

    @istest
    def ensures_the_user_enters_the_provided_groups_when_not_there_already(self):
        with self.mock_role_methods('user_in_group', 'execute'):
            self.role.user_in_group.side_effect = [True, False]

            self.role.ensure_user_groups('foo', ['bar', 'baz'])

            self.assertEqual(self.role.user_in_group.mock_calls, [
                call('foo', 'bar'),
                call('foo', 'baz'),
            ])
            self.role.execute.assert_called_once_with('usermod -G baz foo', sudo=True, stdout=False)

    @istest
    def ensures_user_is_created_when_not_created_yet(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute', 'set_user_password'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******', identified_by='foo-pass', groups=['foo-group', 'bar-group'])

                self.assertEqual(self.role.ensure_group.mock_calls, [
                    call('foo-group'),
                    call('bar-group'),
                ])
                self.assertEqual(self.role.execute.mock_calls, [
                    call('useradd -g foo-group -s /bin/bash -d /home/foo-user -m foo-user', stdout=False, sudo=True)
                ])
                self.role.set_user_password.assert_called_once_with(
                    'foo-user', 'foo-pass', False
                )
                self.role.ensure_user_groups.assert_called_once_with('foo-user', ['foo-group', 'bar-group'])

    @istest
    def ensures_user_is_created_with_only_group_as_username(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute', 'set_user_password'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******')

                self.assertEqual(self.role.execute.mock_calls, [
                    call('useradd -g foo-user -s /bin/bash -d /home/foo-user -m foo-user', stdout=False, sudo=True),
                ])

    @istest
    def ensures_user_is_created_with_different_home(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'execute', 'set_user_password'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******', home_folder='/srv/bar')

                self.assertEqual(self.role.execute.mock_calls, [
                    call('useradd -g foo-user -s /bin/bash -d /srv/bar -m foo-user', stdout=False, sudo=True),
                ])

    @istest
    def doesnt_add_but_set_user_as_admin_for_debian_when_it_already_exists_but_is_not_admin_yet(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'user_in_group', 'execute', "set_user_password"):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = True
                self.role.user_in_group.return_value = False

                self.role.ensure_user(username='******', is_admin=True)

                self.role.user_in_group.assert_called_once_with('foo-user', 'admin')
                self.assertEqual(self.role.execute.mock_calls, [
                    call('usermod -G admin foo-user', sudo=True, stdout=False),
                ])

    @istest
    def doesnt_add_but_set_user_as_admin_for_ubuntu_when_it_already_exists_but_is_not_admin_yet(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'user_in_group', 'execute', 'set_user_password'):
            with self.provisioning_to('ubuntu'):
                self.role.user_exists.return_value = True
                self.role.user_in_group.return_value = False

                self.role.ensure_user(username='******', is_admin=True)

                self.role.user_in_group.assert_called_once_with('foo-user', 'sudo')
                self.assertEqual(self.role.execute.mock_calls, [
                    call('usermod -G sudo foo-user', sudo=True, stdout=False),
                ])

    @istest
    def just_add_user_to_groups_if_its_already_admin(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups', 'user_exists', 'user_in_group', 'execute', 'set_user_password'):
            with self.provisioning_to('ubuntu'):
                self.role.user_exists.return_value = True
                self.role.user_in_group.return_value = True

                self.role.ensure_user(username='******', is_admin=True, groups=['foo-group', 'bar-group'])

                self.assertFalse(self.role.execute.called)
                self.role.ensure_user_groups.assert_called_once_with('foo-user', ['foo-group', 'bar-group'])

    @istest
    def check_set_user_password_when_password_is_encrypted(self):
        encrypted_password = "******"
        with self.mock_role_methods("create_remote_temp_file", 'put_file', 'execute', "remove_file"):
            self.role.create_remote_temp_file.return_value = "/tmp/random"
            self.role.set_user_password("foo", encrypted_password, encrypted=True)
            self.role.put_file.assert_called_once_with(
                ANY,
                "/tmp/random",
                sudo=True,
                stdout=False
            )
            self.assertIn(
                call('cat "/tmp/random" | chpasswd -e', sudo=True, stdout=False),
                self.role.execute.mock_calls
            )

    @istest
    def check_set_user_password_when_password_is_not_encrypted(self):
        with self.mock_role_methods("create_remote_temp_file", 'put_file', 'execute', "remove_file"):
            self.role.create_remote_temp_file.return_value = "/tmp/random"
            self.role.set_user_password("foo", "foo-pass")
            self.role.put_file.assert_called_once_with(
                ANY,
                "/tmp/random",
                sudo=True,
                stdout=False
            )
            self.assertIn(
                call('cat "/tmp/random" | chpasswd ', sudo=True, stdout=False),
                self.role.execute.mock_calls
            )
コード例 #6
0
ファイル: test_user.py プロジェクト: tgonzales/provy
 def setUp(self):
     super(UserRoleTest, self).setUp()
     self.role = UserRole(None, {})
コード例 #7
0
ファイル: test_user.py プロジェクト: tgonzales/provy
class UserRoleTest(ProvyTestCase):
    def setUp(self):
        super(UserRoleTest, self).setUp()
        self.role = UserRole(None, {})

    @istest
    def checks_that_a_group_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertTrue(self.role.group_exists('daemon'))
            execute.assert_called_with("cat /etc/group | cut -d ':' -f 1",
                                       stdout=False,
                                       sudo=True)

    @istest
    def checks_that_a_group_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('iis'))

    @istest
    def checks_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups

            self.assertFalse(self.role.group_exists('roo'))
            self.assertFalse(self.role.group_exists('roots'))

    @istest
    def checks_that_a_user_exists(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertTrue(self.role.user_exists('daemon'))
            execute.assert_called_with("cat /etc/passwd | cut -d ':' -f 1",
                                       stdout=False,
                                       sudo=True)

    @istest
    def checks_that_a_user_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('iis'))

    @istest
    def checks_user_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_users

            self.assertFalse(self.role.user_exists('roo'))
            self.assertFalse(self.role.user_exists('roots'))

    @istest
    def checks_that_a_user_is_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertTrue(self.role.user_in_group('foo', 'sudo'))
            execute.assert_called_with("groups foo", stdout=False, sudo=True)

    @istest
    def checks_that_a_user_is_not_in_a_certain_group(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'root'))

    @istest
    def checks_that_a_user_is_in_a_certain_group_by_exact_name(self):
        with self.execute_mock() as execute:
            execute.return_value = example_groups_for_user

            self.assertFalse(self.role.user_in_group('foo', 'sud'))
            self.assertFalse(self.role.user_in_group('foo', 'sudoer'))

    @istest
    def cannot_check_user_in_groups_if_username_doesnt_exist(self):
        with self.execute_mock() as execute:
            execute.return_value = 'groups: foo: User unexistant'

            self.assertRaises(ValueError, self.role.user_in_group, 'foo',
                              'bar')

    @istest
    def ensures_a_group_is_created(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = False

            self.role.ensure_group('foo')

            self.role.group_exists.assert_called_once_with('foo')
            self.role.execute.assert_called_once_with('groupadd foo',
                                                      sudo=True,
                                                      stdout=False)

    @istest
    def ensures_a_group_is_created_with_group_id(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = False

            self.role.ensure_group('foo', group_id=123)

            self.role.group_exists.assert_called_once_with('foo')
            self.role.execute.assert_called_once_with('groupadd --gid 123 foo',
                                                      sudo=True,
                                                      stdout=False)

    @istest
    def doesnt_create_group_if_it_already_exists(self):
        with self.mock_role_methods('group_exists', 'execute'):
            self.role.group_exists.return_value = True

            self.role.ensure_group('foo')

            self.assertFalse(self.role.execute.called)

    @istest
    def ensures_the_user_enters_the_provided_groups_when_not_there_already(
            self):
        with self.mock_role_methods('user_in_group', 'execute'):
            self.role.user_in_group.side_effect = [True, False]

            self.role.ensure_user_groups('foo', ['bar', 'baz'])

            self.assertEqual(self.role.user_in_group.mock_calls, [
                call('foo', 'bar'),
                call('foo', 'baz'),
            ])
            self.role.execute.assert_called_once_with('usermod -G baz foo',
                                                      sudo=True,
                                                      stdout=False)

    @istest
    def ensures_user_is_created_when_not_created_yet(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups',
                                    'user_exists', 'execute',
                                    'set_user_password'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******',
                                      identified_by='foo-pass',
                                      groups=['foo-group', 'bar-group'])

                self.assertEqual(self.role.ensure_group.mock_calls, [
                    call('foo-group'),
                    call('bar-group'),
                ])
                self.assertEqual(self.role.execute.mock_calls, [
                    call(
                        'useradd -g foo-group -s /bin/bash -d /home/foo-user -m foo-user',
                        stdout=False,
                        sudo=True)
                ])
                self.role.set_user_password.assert_called_once_with(
                    'foo-user', 'foo-pass', False)
                self.role.ensure_user_groups.assert_called_once_with(
                    'foo-user', ['foo-group', 'bar-group'])

    @istest
    def ensures_user_is_created_with_only_group_as_username(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups',
                                    'user_exists', 'execute',
                                    'set_user_password'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******')

                self.assertEqual(self.role.execute.mock_calls, [
                    call(
                        'useradd -g foo-user -s /bin/bash -d /home/foo-user -m foo-user',
                        stdout=False,
                        sudo=True),
                ])

    @istest
    def ensures_user_is_created_with_different_home(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups',
                                    'user_exists', 'execute',
                                    'set_user_password'):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = False

                self.role.ensure_user(username='******',
                                      home_folder='/srv/bar')

                self.assertEqual(self.role.execute.mock_calls, [
                    call(
                        'useradd -g foo-user -s /bin/bash -d /srv/bar -m foo-user',
                        stdout=False,
                        sudo=True),
                ])

    @istest
    def doesnt_add_but_set_user_as_admin_for_debian_when_it_already_exists_but_is_not_admin_yet(
            self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups',
                                    'user_exists', 'user_in_group', 'execute',
                                    "set_user_password"):
            with self.provisioning_to('debian'):
                self.role.user_exists.return_value = True
                self.role.user_in_group.return_value = False

                self.role.ensure_user(username='******', is_admin=True)

                self.role.user_in_group.assert_called_once_with(
                    'foo-user', 'admin')
                self.assertEqual(self.role.execute.mock_calls, [
                    call('usermod -G admin foo-user', sudo=True, stdout=False),
                ])

    @istest
    def doesnt_add_but_set_user_as_admin_for_ubuntu_when_it_already_exists_but_is_not_admin_yet(
            self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups',
                                    'user_exists', 'user_in_group', 'execute',
                                    'set_user_password'):
            with self.provisioning_to('ubuntu'):
                self.role.user_exists.return_value = True
                self.role.user_in_group.return_value = False

                self.role.ensure_user(username='******', is_admin=True)

                self.role.user_in_group.assert_called_once_with(
                    'foo-user', 'sudo')
                self.assertEqual(self.role.execute.mock_calls, [
                    call('usermod -G sudo foo-user', sudo=True, stdout=False),
                ])

    @istest
    def just_add_user_to_groups_if_its_already_admin(self):
        with self.mock_role_methods('ensure_group', 'ensure_user_groups',
                                    'user_exists', 'user_in_group', 'execute',
                                    'set_user_password'):
            with self.provisioning_to('ubuntu'):
                self.role.user_exists.return_value = True
                self.role.user_in_group.return_value = True

                self.role.ensure_user(username='******',
                                      is_admin=True,
                                      groups=['foo-group', 'bar-group'])

                self.assertFalse(self.role.execute.called)
                self.role.ensure_user_groups.assert_called_once_with(
                    'foo-user', ['foo-group', 'bar-group'])

    @istest
    def check_set_user_password_when_password_is_encrypted(self):
        encrypted_password = "******"
        with self.mock_role_methods("create_remote_temp_file", 'put_file',
                                    'execute', "remove_file"):
            self.role.create_remote_temp_file.return_value = "/tmp/random"
            self.role.set_user_password("foo",
                                        encrypted_password,
                                        encrypted=True)
            self.role.put_file.assert_called_once_with(ANY,
                                                       "/tmp/random",
                                                       sudo=True,
                                                       stdout=False)
            self.assertIn(
                call('cat "/tmp/random" | chpasswd -e',
                     sudo=True,
                     stdout=False), self.role.execute.mock_calls)

    @istest
    def check_set_user_password_when_password_is_not_encrypted(self):
        with self.mock_role_methods("create_remote_temp_file", 'put_file',
                                    'execute', "remove_file"):
            self.role.create_remote_temp_file.return_value = "/tmp/random"
            self.role.set_user_password("foo", "foo-pass")
            self.role.put_file.assert_called_once_with(ANY,
                                                       "/tmp/random",
                                                       sudo=True,
                                                       stdout=False)
            self.assertIn(
                call('cat "/tmp/random" | chpasswd ', sudo=True, stdout=False),
                self.role.execute.mock_calls)